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(54) Mobile communications servica syatam, mobile oommunicaftions service method, 
authentication apparatus, and home agent apparatus 



(57) In a mobile connmunlcatlons service system, 
various value-added services can be provided for eacii 
mobile node. A mobile node transmhs a registration 
request to a foreign agent. Tlie foreign agent transfers a 
Mobile request message to an authentication process 
server home agent (AAAi-i) through an authentication 
process server foreign agent (AAAF). The AAAIH 
extracts from a servbe control database a service pro- 
file that identifies the value-added sen/ices to be sup- 
plied to the mobile node. The servbe profile is 
distributed to a home ^ent using a IHome agent regis- 
tration request message, and to a foreign agent using a 
mobile request message. The home agent and the for- 
eign agent provide services according to the distributed 
service profiles. 
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Description 

BACKgRQUNP QFTHE INVENTION 

1. Technical Reld 5 



(differentiated services) for performing prioritized trans- 
fer control based on a prioritized transfer order set in 
each pactet Is aiso well l<nown. If these functions are 
used in the PBN, for axample, the foliowlng value-added 
services can be provided. 



[0001] The present Invention relates to a system, 
an apparatus, and a method for providing communtea- 
tlons services for a mobile node. Specifically, in a mobile 
environment, and in the communications between a 
mobile node (containing a stationary terminal and a 
nmblle temnlnal) and each node connected to a networfc 
or another mobile node in the mobile environment, the 
present Invention relates to a system, a method, an 
authentication apparatus, and a home agent apparatus 
for providing mobile communications services for a 
mobile node In a networic 

2. Bac{<ground Art 

[0002] in an IP networic, an increasing amount of 
traffic In which various lypes of data are combined 
including data containing vobe data and image data 
has been used, iiowever, nonnally, a pacicet in an IP 
networic Is transfemed with the best effort That is, a 
router and a switch transfer a padcst to the next destina- 
tion with the best effort independent of a user or an 
application at the destination of the input packet. At this 
time, there arises uneven delays depending on the traf- 
fic state (for example, the congestion state), and a 
padtet which cannot be successfully transfemed is 
rejected. 

[0003] TTierefore, to comectly transmit a padcet 
relating to an application (for transmitting voice data, 
picture data, etc.) whose requirements are strict on, for 
examplep delay, It Is necessary to Introduce to or set in 
each router or switch In the IP networlc the function of 
transferring a specific pacicet by priority Otherwise, to 
guarantee traffic bandwidth from a specific user or ter- 
minal, It is necessary to Introduce to or set in each 
router or switch the function of guaranteeing and con- 
trolling the bandwidth of a specific path. 
[0004] PBN (policy-based networking) technotogy 
is well-known as a technology of providing the above 
described value-added sen/ice (for example, transfer 
control by priority for a specific packet, bandwidth guar- 
anteeing control, packet filtering control, ^c). A value- 
added service provkied tiirough the IP network using 
PBN technology can be. for example, a technotogy of 
guaranteeing a bandwkltii, guaranteeing the maximum 
allowable delay, packet-filtering for suppressfon of 
access to hannfui WWW Information, the security func- 
tion of suppressing access not satisfying specified con- 
ditions, etc. Described below is a practical example. 
[0005] A control method for dynamically reserving 
end-to-end bandwkiths using an RSVP (resource reser- 
vation protocol), etc. for a network appliance such as a 
router, a switch, etc. Is well known, in additton, Diff-Serv 



(1) By setting the QoS (quality of servtee) for the 
communications of a speclfb division or a group, 
the communications quality such as voice traffic for 

10 which the maximum aitowable delay Is strlcUy 
defined is guaranteed. 

(2) A specifte type of application traffic (for example, 
file transfer. World Wide Web, etc.) Is transferred by 
the highest priority. 

15 (3) Based on the policy of security, access security 
can be guaranteed for each user by permitting 
access only from a specified user, or limiting access 
from a specified user to a specified server. 

20 [0006] When the above-described PBN Is used, the 
poltoy of each tenninal device (such as tiie above 
described QoS conditions, etc.) is, for example, set in a 
network appliance such as a router, a switch, etc. i-low- 
ever, in the mobile envlronnoent, when a mobile terminal 

25 is moved, a networlc appliance for accommodating the 
mobile temnlnal is changed one after another. THere- 
fore, when the above-described PBN Is used In the 
mobile environment, it Is necessary that the policy of a 
mobile terminal is set In all network appliances that may 

30 possibly accommodate the mobile tenriinal. However, If 
the policy of each mobile terminal Is set in each networic 
appliance, the amount of Information to be stored In 
each network appliance is enomnously large, and the 
process to be perfomned to set policy Infomrtatlon about 

35 the entire network and to maintain the network also 
becomes large. When tocation registration (location 
registration) of a mobile terminal Is completed k)efore 
tiie completion of setting a policy, It Is possible that a 
value-added service based on the poRcy cannot be pro- 

40 vided for the mobiie tenninal. 

[0007] A protocol for accommodating a mobiie ter- 
minal in a network appliance Is issued as an IP Mobility 
Support (hereinafter refemed to as a 'Mobile i P or 'MIP) 
through RFC2002 In October 1996. As a protocol relat- 

4ff Ing to the MIP, an AAA (authentication, authorization, 
and accounting) protocol is being studied by IETF 
(Internet Engineering Task Force). 
[0008] There Is the following problem with the 
above-described technology. 

50 [0009] Recentiy, referred to as 'anything over IP, 
the traffic In which votee and data are Integrated has 
sharply incrsesed In the Intemet In addition, with an 
Increasing number of mobile telephones, stanc^rdlza- 
tion has proceeded with the international Mobiie Tele- 

55 communications 2000 (iMT-2000), and It is predicted 
that the traffic In the mobiie environment will also dra- 
nnaticaiiy increase. 

[0010] IHowever, in the mobiie environment, serv- 
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Ices (mainly the oommunlcations service relating to traf- 
fic) raquestad by each mobile node or each user are 
different from each other. For example, concerning a 
voice data transmission, the volume of data to be trans- 
mitted per unit time is fixed. Although there arises con- 5 
gestion, etc. in an end-to-end system, there is a 
demand 16r a service of translienlng a target packet by 
priority in a way such that a request for bandwidth and a 
request for maximum allowabie delay can be realized. 
On the other hand, the traffic relating to e-mail allows a 
long delay. Thus, a networlcto which various terminals 
are connected (for exampiep an IP network) contains 
various types of trsfflc whose policies to be guaranteed 
are different from each other. Therefore, to protect the 
traffic having a higher priority level in business, the QoS /5 
(quality of service) function has to be necessarily real- 
ized. However, when a user establishes comnrttjnica- 
tions from a mobile node through a network, there has 
been the problem that a value-added service provided 
by the PBN, etc. couldnt be provided for each mobile 20 
node. 

[0011] When focation registration of a mobile node 

is to be made and servkse profile Infonnation is to be set 
independently for a foreign agent and a home agent, 
there arises the problem that a packet is transmitted 25 
from the mobile node before sen/ice control information 
iss^. 

[0012] As background and illustrative of the state of 
the art, the following document is incorporated by refer- 
ence: 30 
[0013] JP 2000-0101414 (Japanese application 
number) who's prtortty Is claimed herein, the entire doc- 
ument of which is Incorporated by reference. 
[0014] in addition, the following documents are 
listed as prior art reference: as 
[0015] Internet Engineering Task Force, Networic 
Working Group RFC 2002: IP Mobility Support October 
1996: This document describes protocol enhancements 
that allow transparent routing of 1 P datagrams to mobile 
nodes In the Intemet Each mobile node is always Iden- 40 
titled by its home address, regardless of Its current point 
of attachment to the Internet. The entire document of 
which is incorporated by reference. 
[0016] internet Engineering Task Force. Network 
Working Group RFC 2003: IP Encapsulation within IP^ 46 
October 1996: This document specifies a method by 
whteh an IP datagram may be encapsulated (canied as 
payload) within an IP datagram. Encapsulation Is sug- 
gested as a means to alter the normal IP routing for dat- 
agrams, by delivering them to an intemriediate so 
destinatton that would otherwise not be selected by the 
(networic part of the) IP Destinatbn Address field in the 
ordinal IP header. The entire document of which is 
incorporated by reference. 

[0017] Internet Engineering Task Force, Network ss 
Working Group RFC 2794: Mobile Node NAI. 2000: 
This document describes AAA servere that provMe 
authenticatton and authorizatton services for dial-up 



computers and Includes a way for the mobile node to 
Mantify itself, by including the NAI afong with the Mobile 
IP RectfstTEtfion Request The entire document of which 
is Incorporated by reference. 
[0018] internet Engineering Task Force, iWobile IP 
Working Group: Mobile IP Challenffe/Rflsponsa Exten- 
sions, draft-ietf-mobllelp-challenge-12.txt, June 13, 
2000. This document describes extensions for the 
Mobile IP Agent Advertisements and the Registration 
Request that allows a foreign agent to use a chai- 
lenge/response mechanism to authenticate the mobile 
node. The entire document of which is Incorporated by 
reference. 

[0019] Irrtemet Engineering Task Force, AAA Work- 
ing Group: DIAMETER Framework Document draft-cal- 
hDun-diameter-fram8WDri(-08.txt, June 2000. This 
documents AAA requirements that would help Mobile IP 
scale for inter-Domain mobility. The entire document of 
whteh is Incorporated by reference. 
[0020] Internet Engineering Task Force, AAA Work- 
ing Group: DIAMETER Base Protocol, draft-calhoun- 
dlamete^15.txt, June 2000, describes tiie DIAMETER 
base protocol message format, transport, error report- 
ing and security services to be used by all DIAMETER 
extensions and MUST be supported by all DIAMETER 
implementations. The entire document of whteh is incor- 
porated by reference. 

[0021] Internet Engineering Task Force, AAA Work- 
ing Group; DIAMETER Mobile IP Extensions, dreft-cai- 
houn-diameter-mobllelp-08.txt, June 2000. This 
describes an extension to the DIAMETER base protocol 
that allows a DIAMETER server to authentteate, author- 
ize and collect accounting infonnatlon for services ren- 
dered to a mobile node. The entire document of which is 
Incorporated by referenca 

SUMMARY OF THS INVENTION 

[0022] Described below is the configuration accord- 
ing to the present invention developed to solve the prob- 
lem. 

[0023] The mobile communlcatk)ns servk» system 
according to tiie present Invention transfere a message 
containing tocation registration request information from 
a mobile node sequentially to a foreign agent (FA), an 
authentication server, and a home agent (IHA), returns a 
message containing location registration reply Infonna- 
tion to the mobile node in response to the received mes- 
sage In the reverse order from the home agent, 
reglstera tiie location of the mobile node In tiie home 
agent and the foreign agent, and provMes a communi- 
cattons service for the mobile node. The authentication 
server is provided with a unit for adding corresponding 
servbe profile infonnation to the message conteining 
the location registration request infomnatlon or the loca- 
tion registration reply Information. The foreign agent 
and the home agent control the transfer of a packet 
transmitted or received from the mobile node according 
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to the service profile information contained In the mes- 
sage received from the authentication server. The serv- 
ice profile can be stored in the database. 
[0024] in the above-described system, a service 
profile Is provided only for a home agent of a mobile 
node and a foreign agent accommodating the mobile 
node. Therefore, the volume of the service control Infor- 
mation to be set for each agent can be relatively small 
although the number of mobile nodes increases. In 
addltionp a mobile node can receive various value- 
added services even if It Is moved to an optional place. 
[0025] In the system according to another embodi- 
ment of the present invention, the authentication server 
includes an authentication request server and an 
authentication process server accessible to the data- 
base. Upon receipt of a massage containing the loca- 
tion registration request information from the foreign 
agent, the authentication request server determines an 
auUientlcation process server for appnopriatety perform- 
ing an authenticating process according to the mes- 
sage, and transmits the message to the auflientication 
process server. Upon receipt of a message containing 
the location registration reply Irrformation from the 
authentication process server, the authentication 
request server transmits the message containing the 
location registration reply information to the foreign 
agent Upon receipt of the message containing the loca- 
tion registration request information from the authenti- 
cation request server, the autiientication process server 
adds the service profile Information to the message 
containing tiie location registration request infomiation. 
and transmits the message to the home agent Upon 
receipt of the message containing the location registra- 
tion reply Information from the home agent, tiie authen- 
tication process server adds the service profile 
Infonnation to the message containing tiie location reg- 
istration reply infonrtation, and transmits the message 
to the authentication request server With the configura- 
tion, the authentication server is divided into the authen- 
tication request server and the authentication process 
server As a result, a process of selecting a server 
responsible for an authenticating process can be exclu- 
sively perfonned by the authentication request server 
[0026] in the system according to a further embodi- 
ment of the present invention, the authentication server 
includes an autiientication request server and an 
authentication process server accessible to the data- 
base. Upon receipt of a message containing the loca- 
tion registration request Information from the foreign 
agent, tiie authentication request server detemnlnes an 
authentication process server for appropriately perform- 
ing an authenticating process according to the mes- 
sage, and transmits the message containing the 
location registration request infonnation to the authenti- 
cation process server Upon receipt of the message 
containing the location registration request information 
from the autiientication request server, tiie autiientica- 
tion process server adds the service profile information 



to the message containing the location reglstiBtion reply 
Information, and transmHs the message to the authenti- 
cation request server Upon receipt of a message con- 
taining the location rsgistration reply information from 

5 ttie autiientication process server, the authentication 
request sender adds the service profile information to 
the message containing the location registration 
request information, and transmits tiie message to the 
home agent. Upon receipt of the message containing 

io tiie location registration reply Infonnation from the home 
agent the authentication request server adds the serv- 
ice profile Infonnation to the message containing the 
location registration reply information, and transmits the 
message to the foreign agent With the configuration, 

15 tiie authentication request server can dynamically 
assign a home agent 

[0027] In a system according to a furttier embodi- 
ment of the present Invention, when the mobile node is 
moved from a communications area of a first foreign 

20 agent subordinate to an authentication request server to 
a communications area of a second foreign agent sub- 
ordinate to tiie authentication request server, tiie sec- 
ond foreign agent requests the first foreign agent to 
remove the service profile infonnation. Witii the config- 

25 uration, when the mobile node moves to a new and dif- 
ferent foreign agent in tiie same authentication request 
server, the service profile infonnation whbh becomes 
unnecessary in the foreign agent to which the mobile 
communications previously belonged is removed. 

30 Therefore, the memory area for storing service profile 
information can be saved. 

[0028] In a system according to a furtiier embodi- 
ment of the present invention, when tiie mobile node is 
moved from a communications area of a first foreign 

38 agent subordinate to a first authentication request 
server to a communications area of a second foreign 
agent subordinate to a second authentication request 
server, the authentication process server requests the 
first authentication request server to remove the service 

40 profile infonnation set In the first foreign agent and the 
first authentication request server according to the mes- 
sage containing the locatten registration request Infor- 
mation from the second foreign agent With the 
configuration, when the mobile node is moved to a new 

45 and different foreign agent subordinate to the different 
autiientication request server, the service control infor- 
mation, which becomes unnecessary in the foreign 
agent to which the mobile node previously belonged. As 
a result, the memory area for storing service profile 

50 information can be saved. 

[0029] In a system according to a further embodi- 
ment of the present invention, the foreign agent controls 
tiie transfer of a packet received from tiie mobile node 
tyy priority according to the service profile information. 

58 Wltii the configuration, the control of the transfer of the 
paclcet received from the mobile node can be prioritized. 
The priority transfer control can be, for example, Dlff- 
Serv. 
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[0O3O] In a system according to a further embodi- 
ment of the present invention, the foreign agent per- 
forms a packet filtering process on the padoet received 
from the mobile node according to the service profile 
Information. With the configuration, the paclcet filtering 5 
process can be controlled according to the service pro- 
file Infomrtatlon. 

[0031] In a system according to a further embodi- 
ment of the present Invention, when the destination 
address of a received packet Is a target of the anycast 10 
service, the home agent selects an IP address corre- 
sponding to the destination address from the anycast 
address list, and tremsferB the packet to the selected iP 
address. With the configuration, a plurality of destina- 
tions can be set at one destination address, and one 15 
destinatton can be selected from the plurality of destina- 
tions according to a predetemilned poltey. 
[0032] In a system according to a further embodi- 
ment of the present invention, when the destination 
address of a received packet is a target of the anycast 20 
service, the foreign agent selects a link layer address 
according to the selection policy set as the service pro- 
file information, and transfers the packet to the selected 
link layer address. With the configurationp the packet 
can be transmitted to the link layer address specified by 25 
the selection policy. 

p)033] In a system according to a further embodi- 
ment of the present Invention, the home agent Includes 
a plurality of home agents, and the authentication proc- 
ess server evenly assigns honrre agents to a plurality of 30 
location registration requests. With the configurationp 
the loads of a plurality of home agents can be evenly 
distributed. 

[0034] In a system according to a further embodi- 
ment of the present Invention, the home agent includes 35 
a plurality of home agents, and the authenticatton proc- 
ess server assigns a home ^ent to a locatkin registra- 
tion request depending on the ability of each home 
agent With the conf^uratlon, the load can be assigned 
with the ability of the network appriance of a home agent 40 
taken Into account. 

[0035] The mobile communteations service method 
according to the present Invention is based on the 
method of transmitting a message containing location 
registration request information from a mobile node to a 45 
foreign agent, an authenticatton server, and a home 
agent in this order, retumlng a message conterining 
location registration reply Inforn^on as an answer to 
the received message in the inverse order from the 
home agent to the mobile node, registering tiie location so 
of the mobile node In the home agent and the fore^n 
agent, and providing a communications service for the 
mobile node. The authentication server adds corre- 
sponding service profile Informatron to the message 
containing the location registration request Infomiatton ss 
or the location reglstrBtion reply infbrmatton, and trans- 
mits the message. The foreign agent and the home 
agent control the transfer of a packet transmitted or 



580 A2 8 

received by the mobile node according to the servtee 
profile Infonrtation contained In the message received 
from the authentication server. 
[0036] In the above described method, a servtee 
profile Is distributed only to a home agent of a mobile 
node and a foreign agent accommodating the mobile 
node. Therefore, even If the nunnber of mobile nodes 
Increases, the volume of the service control Infornnation 
to be set In each agent can be relatively small. In addi- 
tion, a mobile node can receive various value-added 
servtees after It Is moved to an optional piac& 
[0037] According to another method of the present 
Invention, that is, In a mobile communications serme 
method of providing a communtoations service for a 
mobile node, an authentication server receives a mes- 
sage containing locatton registration request Infonna- 
tion from a mobile node. The authentteation server 
transmits a message containing service profile Informa- 
tion to an agent according to the message containing 
the location registration request infonnatiDn. The agent 
controls the transfer of a packet transmitted or received 
by the mobile node according to the service profile infor- 
mation contained In the message received from the 
authentication server, in the above described method, 
the 8ervk» profile information con^sponding to the 
mobile node Is distributed to a predttemnined agent 
using the message used In a location registration proce- 
dure of a mobile node. Therefore, the overhead for dis- 
tributing the servKe profile information can be 
minimized. 

[P038] The system according to a furtiier embodi- 
ment of the present invention Includes: a foreign agent 
for transferring to a correspondent node a packet 
receh^ed from a mobile node and addressed to the cor- 
respondent node, and decapsuling a received capsuled 
packet from a home agent or the correspondent node 
and transfanrlng the decapsuled packet to the mobile 
node; and a home agent for transmitting a packet 
received from the con^espondent node to the foreign 
agent after capsuling the packet, and notifying the cor- 
respondent node of a care-of address for the mobile 
node and service profile Information about the mobile 
node by incorporating the care-of address and the infor- 
mation into a binding update message, a packet transfer 
route from the correspondent node to the mobile node is 
optimized according to the binding update message 
received from the home agent With the configuration, 
the transfer route can be optimized by the home agent 
notifying the communications node of the care-of 
address of the mobile node using tiie binding update 
message. 

[0039] The home agent apparatus according to the 
present Invention receives a message containing loca- 
tion raglstratksn request Information from a mobile node, 
and reglstere the location of the mobile node. When a 
message containing location registration request infor- 
mation Is received from each mobile node, tiie message 
containing the tocation registratton request Infbrmation 
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is transmitted to an authentication server. When a mes- 
sage containing registration rapiy Infonnation In 
response to the message containing the registration 
request Information and service profile Information is 
received, service control infonnation is set according to 5 
the registration reply Information and the servbe profile 
infonnation, and a packet transmitted and received Isy 
the mobile node through a home agent Is transTeroon- 
trolled according to the service profile infonnation. With 
the configuration, a home agent provides a value-added w 
service for a mobile node according to a service profile 
distributed by an authentication server. 
[0040] The authentication apparatus according to 
the present invention transmits a corresponding mes- 
sage after receiving a message containing location reg- is 
istrstion request information from a mobile node. 
[0041] A message containing location registration 
request Information is received from a mobile node, 
and, according to tiie message, a message containing 
service profile information required for a value-added so 
service provided for the mobile node Is transmitted to an 
agenL WItii the configuration, tiie message for use In a 
location registration procedure contains servbe control 
Infonnation, and is then distributed, tiiereby reducing 
the traffic. 2S 
[0042] TTie system according to a furtiier embodi- 
ment of the present invention Includes a database for 
managing a service profile containing information for 
use in providing a service requested by a mobile node, 
a plurality of agents each of which can manage one or 30 
more addresses, and can accommodate a mobile node, 
and an authentication server authenticating a mobile 
node. A home agent which Is an agent for managing an 
address of the mobile node Includes a request unit for 
issuing an authentbation request to the authentication 35 
server upon receipt of a location registration request 
from the mobile node. The authentication server 
Includes an extraction unit for extracting a service profile 
coresponding to the mobile node from the datatnse 
upon receipt of the authentication request, and a reply 40 
unit for transmitting to the home agent the servbe pro- 
file extracted by the extraction unit together wtth an 
authentication reply con*espondlng to the authentication 
request The home agent provides a service according 
to the service profile received from the authentication 45 
server. 

[0043] With the conflgu ration, even If a mobile node 
is accommodated In a home agent, the mobile node can 
be authenticated, and a service profile corresponding to 
the mobile node can be distributed to the home agent so 
from the authentication server. Therefore, an illegal 
login using a mobile node can be avoided, and a mobile 
node can be provided wttii various value-added serv- 
ices regardless of whether the mobile node Is located In 
a communications area of a foreign agent or In a com- ss 
munbations area of a home agent. 
[0044] The system according to a furtiier embodi- 
ment of tiie present invention Includes the database, a 
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plurality of agents, and an authentication server. A 
home agent which is an agent for managing an address 
of the mobile node includes a request unit for Issuing an 
authentbation request containing the iocationai infor- 
mation about tiie mobile node to the autiientlcation 
server upon receipt of a location registration request 
from tiie mobile node; and a registration unit fbr regis- 
tering the location of the mobile node according to a 
iocatbn rBgistratbn request transmitted from the 
authentbation server. The autiientbation server 
includes an extraction unit for extracting a service profile 
corresponding to tiie mobile node from the database 
upon recent of the authentication request, and a reply 
unit for transmitting to tiie home agent a location regis- 
tration request containing iocationai information 
received from the home agent, the authentication reply 
corresponding to the autiientication request, and the 
service profile extracted by the exfa^on unit The 
home agent provides a service according to the service 
profile received from the authentication server. Wltii the 
configuration, various value-added services can be pro- 
vided by a home agent based on a general-purpose 
Iocatbn registration procedure. 
[0045] In the system according to a furtiier embodi- 
ment of the present invention, the request unit notifies 
tiie authentication server of the Infonnation specifying 
one of a first procedure and a second procedure. Upon 
receipt of the Infonnation specifying the first procedure 
from tiie request unit, the reply unit transmits tiie 
authentbation reply and the service profile to the home 
agent Upon receipt of the infonnation specifying the 
second procedure from the request unit, the reply unit 
transmits to tiie home agent a location registration 
request for use In registering the location of the mobile 
node, the authentication reply, and the servbe profile. 
When the first procedure is specified, the home agent 
registers the location of the mobile node based on the 
registration request transmitted from tiie mobile node. 
When the second procedure is specified, the home 
agent registers tiie bcation of the mobile node based on 
ttie location registration request from the authentication 
server. With the configuration, when a servbe profile is 
distributed from an authentication server to a homo 
agent, one of a general-purpose location regisfaiation 
procedure and a simple variation of the procedure can 
be selected. 

[0046] In the system according to a further embodi- 
ment of the present invention, tiie home agent includes 
tiie fun<dbn of a foreign agent With the configuration, 
tiie mobile node can be authenticated regardless of 
wh^herthe mobile node Is located in acommunbations 
area of a foreign agent or in a communications area of a 
home agent 

[0047] In another mobile communications servbe 
metiiod according to the present invention having a 
database for use in managing a servbe profile contain- 
ing the infonnation used to provide a service requested 
by a mobile node, a plurallly of agents each of whbh 
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can aocommodate a mobile node, and an authentica- 
tion server authenticating a mobile node, and providing 
a communications service for a mobile node. An agent, 
which receives a reglstrHtion request from a mobile 
node, transmits an authentication request to the authen- $ 
tication server. The authentication server extracts a 
service profile corresponding to the mobile node from 
the database, and transmits to the agent the service 
profile together with an authentication reply correspond- 
ing to the authentication request The agent provides a w 
service according to the service profile received from 
the authentication server. In this method, In the proce- 
dure of authenticating a mobile node, a service profile 
corresponding to the mobile node is distributed to an 
agent Therefore, the mobile node can receive various /5 
value-added services at any place to whbh the mobile 
node Is moved. 

[0046] Another method according to the present 
invention provides a communications service for a 
mobile node in a system having the dateibase, the plu- 20 
rail^ of agents, and the authentication server. An agent, 
which receives a registration request from a mobile 
node, registers the location of the nfioblle node based on 
the registration request, and transmits an authentication 
request to the authentication server. The authentication 25 
server extracts a service profile corresponding to the 
mobile node from the database, and transmits to the 
agent the service profile together with an authentication 
reply corresponding to the authentication request The 
agent provides a service according to the service profile 30 
received from tiie authentication server. 
[0049] A further method according to the present 
invention provides a communications service for a 
mobile node In a system having the database, the plu- 
rality of agents, and the authentication server. An agent, 3S 
Which receives a registration request from a mobile 
node, transmits an authentication request containing 
tiie iocationai Information about the mobile node to the 
authentication server. The authentication server trans- 
mits to the agent a location registration request contain- 40 
Ing the Iocationai information received from the agent 
The agent registers the location of the mobile node 
based on the location registration request received from 
the authentication server, and transmits a registration 
reply corresponding to the location registration request 4s 
to the autiienticadon server. The authentication server 
transmits an authentication reply corresponding to the 
authentication request to the agent The authentication 
server extracts a service profile con^ponding to the 
mobile node from tiie database, stores the service pro- so 
file in at least one of the location registration request 
and the authentication reply, and then transmits the 
service profile to the agent The agent provides a serv- 
ice according to the servbe profile received from the 
authentication server. ss 
[0050] In the above-described two methods, since a 
service profile corresponding to a mobile node is distrib- 
uted to an agent in the location registration procedure. 



the mobile node can receive various value-added serv- 
ices at any place to which It Is removed. 
[0051] A further method according to the present 
Invention provides a communications service for a 
mobile node in a system having tiie database, the plu- 
rality of agents, and the authentication server. An 
authentication request message requesting the autiien- 
tication server to autiienticate the mobile node Is trans- 
mitted from an agent accommodating a mobile node. A 
service profile coniesponding to the mobile node Is 
extracted from the database. The extracted service pro- 
file Is stored In an authentication reply message corre- 
sponding to the authentication request message. The 
authentication reply message is transmitted from tiie 
authentication server to an agent accommodating the 
mobile node. The agent accommodating the mobile 
node provides a service for the mobile node according 
to the service profile stored In the authent'ication reply 
message. In this method, when a mobile node enters a 
communications area of an agent, a service profile cor- 
responding to the mobile node is distributed to the agent 
In the authentication procedure of the mobile node. 
Therefore, the mobile node can receive various value- 
added services at any place to which it Is moved. 
[0052] A further method according to the present 
Invention provides a communications service for a 
mobile node in a system having the database, the plu- 
rality of agents, and the authentication server. An 
authentication request message containing Iocationai 
Infonnation about the mobile node Is transmitted from 
an agent accommodating a mobile node to the authen- 
tication server. A service profile conresponding to the 
mobile node is extracted from the datat>ase. The 
extracted service profile Is stored in tiie location regis- 
tration request message for use in registering the loca- 
tion of the mobile node. The tocation registration 
request message is transmitted from the authentication 
server to an agent, which has to recognize a location 
the mobile node. The agent, which receives the location 
registration request message, provides a service for the 
mobile node according to the service profile. In this 
method, in the procedure of registering the location of a 
mobile node in a home agent, a service profile conie- 
sponding to the mobile node Is disti'lbuted to the home 
agent. 

[0053] The home agent apparatus according to 
another embodiment of the present Invention Is one of a 
plurality of agents in a system having the database, the 
plurality of agents, and the authentication server A first 
generation unit generates a visitor li^ for a mobile node 
upon receipt of a location registration request from the 
mobile node. A request unit transmits an authentication 
request to the autiientication server to authenticate tiie 
mobile node. A second generation unit generates a 
mobill^ binding for the mobile node upon receipt of a 
service profile coniesponding to the mobile node 
extracted from the database and an authentication reply 
corresponding to tiie authentication request from the 
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authentication server. A service control unit provides a 
service for the mobile nods using the service profile, the 
visitor list, and the mobility binding receh^ed from the 
authentication server. With the configuration, the home 
agent apparatus can have the function of the conven- 5 
tional home agent apparatus, and the function of a for- 
eign agent. 

[0054] The above described configurations and 
methods according to the present invention can be used 
in combination as much as posslbla 10 

Brief ExpianfitlQn Qf thg Prawlngs 

[0055] 

15 

FIG. 1 is the outline of the configuration of the net- 
work according to the present Invention; 
FIG. 2 Is a blocl( diagram showing the function of 
the present invention; 

FIG. 3 is a biodc diagram of the functions of a home 20 
agent (HA) and a foreign agent (FA); 
FIG. 4 Is an explanatory view of a control table of 
the service control transaction of an FA; 
FIG. 5 is an explanatory view of a control table of 
the service control transactiDn of an HA; 25 
FIG. 6 Is an example of the any-cast address bind- 
ing table; 

FIG. 7 Is an example of a routing table; 

FIG. 8 Is an example of a binding cache; 

FIG. 9 Is an example of a service control filter; 30 

FIG. 1 0 Is a flowchart of the operations of an FA and 

an HA; 

FIG. 11 is an example of a control request mes- 
sage; 

FIG. 12 Is an exEmnple of a control reply message; 35 
FIG. 13 Is a block diagram of the function of an 
AAAF (authentication, authorization, and account- 
ing foreign); 

FIG. 14 is an example of the control block of a serv- 
ice control transaction of an AAAF; 40 
FIG. 15 Is an example of an HA assignment man- 
agement table; 

FIG . 1 6 Is a flowchart of the operations of an AAAF; 
FIG. 17 is a block diagram of the function of an 
AAAH (authentication, authorizationp and account- 4s 
ing Home); 

FIG. 1 8 Is an example of the control block of a serv- 
ice control transaction of an AAAH; 
FIG. 19 Is an example of an any-cast address man- 
agement table; so 
FIG. 20 is an example of service infonriation stored 
in a servk» control database; 
FIG. 21 Is an example of a control block stored In a 
service control database; 

FIG. 22 Is a flowchart of the operations of an AAAH; S5 
FIG. 23 Is a block diagram of the functions of a cor- 
respondent node; 

FIG. 24 is a flowchart of the operations of a come- 



spondent node; 

FIG. 25 shows the initial location registration 
sequence set when an AAAH assigns an HA; 
RG. 26 shows the initial location registration 
sequence set when an AAAF assigns an HA; 
RG. 27 shows the distribution sequence of trans- 
mitting and receh^lng a packet between a mobile 
tennlnal and a correspondent node; 
RG. 28 shows an example (1) of the movement of 
a mobile terminal; 

RG. 29 shows the sequence when a mobile tennl- 
nal Is moved as shown In FIG. 28; 
RG. 30 shows an example (2) of the movement of 
a mobile tennlnal; 

FIG. 31 shows the sequence when a mobile termi- 
nal b moved as shown In FIG. 30; 
RG. 32 is an example of the NAI (Network Access 
Identifier) registration table of the mobile tennlnal of 
an FA; 

RG. 33 is an example of a prefix table of an NAI; 
FIG. 34 shows an example (3) of the movement of 
a mobile tennlnal; 

RG. 35 shows the sequence when a mobile tennl- 
nal is moved as shown In FIG. 34; 
RG. 36 shows an example of the configuration of a 
network designed when an ANYCAST service Is 
registered; 

RG. 37 shows the sequence when a mobile node 
participates In an ANYCAST servtee; 
RG. 38 shows the distribution sequence of a packet 
transmitted using an ANYCAST servtee; 
RG. 39 shows the distribution sequence of a data 
packet when packet filtering Is applied; 
FIG. 40 shows an example of a servtee control 
transaction generated tiy a home agent; 
RG. 41 Is a flowchart of tiie operattons of a mobile 
^ent (including an HA and an FA); 
RG. 42 Is a table showing tiie comespondence 
between a received message and a service control 
transaction in the process shown in FIG. 41; 
FIG. 43 Is a table showing tiie con^espondence 
between a received message and a transmission 
message In the process shown in FIG. 41; 
FIG. 44 is a flowchart of the operations of an AAAH; 
RG. 45 Is a table showing the correspondence 
between a receh/ed message and a transmission 
message In the process shown In FIG. 44; 
RG. 46 is a table showing an example of the divi- 
sions of servtee profile Information; 
RG. 47 shows an example of a user profile; 
RG. 48 shows the sequence of locatton registration 
by a normal procedure; 

FIG, 49 shows the sequence of locatton registration 
by a simplified procedure; 
RG. 50 shows the procedure (1) of distributing a 
service profile; 

RG. 51 shows the procedure (2) of distributing a 
service profile; 
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FIG. 52 shows the procedure (3) of distributing a 
service profile; 

FIG. 53 shows a procedure of distributing a data 
paclcet; 

FIG. 54 shows the fbmfiat of the MOBILE-IP mes- 5 



FIG. 55 shows the format of the iP header; 
FIG. 56 shows the format of the UDP header; 
FIG. 57 shows the format of the registration request 
message of the MOBiLE-iP; io 
FIG. 58 shows the format of the 'REGISTFWiON 
REQUEST of the registration request message of 
the MOBII^-iP; 

FIG. 59 shows the format (1) of the extension area 

of the registration request message; 15 

FIG. 60 shows the format (2) of the extension area 

of the registration request message; 

FIG. 61 shows the format (3) of the extension area 

of the reg'stration request message; 

FIG. 62 shows the format of the 'REGISTRATION 20 

REPLY' of the registration reply message of the 

MOBiLE-IP; 

FIG. 63 shows the fonnat of the 'BINDING 
UPDATE' of the IVIOBILE-IP; 

FIG. 64 shows the format of the 'BINDING 25 
ACKNOWLEDGE" of the MOBiLE-IP; 
FIG. 65 shows the fonnat of a DIAMETER mes- 
sage; 

FIG. 66 shows the fomnat of the common header of 
a D I Al^ ETE R message; 30 
FIG. 67 shows the basic format of the AVP 
(attribute value pair) of a DiAIMETER message; 
FIG. 68 shows the format of the 'DiAIVIETER-COM- 
ly^AND AVP of a DIAMETER message; 
FIG. 69 shows the format of a common AVP other 35 
than a command of a DIAMETER message; 
FIG. 70 shows the format of an AMR (AA-Moblle- 
Request) message of the DIAMETER protocol; 
FIG. 71 shows the format of an IHAR (Home-Agent- 
Mip-reglstration Request) message of the DIAME- 40 
TER protocol; 

FIG. 72 shows the format of an AMA (authentica- 
tion reply(AA-Mobile Node-Answer))m6Ssage of 
the DIAMETER protocol; 

FIG. 73 shows the format of an HAA (IHome Agent 4b 
registration reply) message of the DIAMETER pro- 
tocol; 

FIG. 74A shows tiie fomiat of an AMU message of 
the DIAMETER protocol; 

FIG. 74B shows the format of the 'MiP BINDING so 

UPDATE AVP of the DIAMETER protocol; 

FIG. 75A shows the format of an AM Ac message of 

the DIAMETER protocol; and 

FIG. 75B shows the format of tiie 'MIP BINDING 

ACKNOWLEDGE AVP' of the DIAMETER mes- ss 

sage. 



DETAILED DESCRIPTION 

[0056] The embodiments of the present Invention 
are described below by refon^lng to the attached draw- 
ings. 

1. Outiine of the present invention 

2. Entire configuration of the present Invention 

3. FA (foreign agent) / i-lA (home agent) of tiie 
present Invention 

3.1 Outiine of FA/HA 

3.2 Configuration of FA/HA 

3.3 Sen/Ice control transaction of FA 

3.4 Service control transaction of HA 

3.5 Any cast address-binding table 

3.6 Routing table 

3.7 Binding cache 

3.8 Service control filter 

3.9 Process flow of FA/HA 

4. AAAF according to the present Invention 

4.1 Outiine of AAAF 

4.2 Configuration of AAAF 

4.3 Process flow of AAAF 

6. AAAH according to the present Invention 

6.1 Outiine of AAAH 

5.2 Configuration of AAAH 

6.3 Process flow of AAAH 

6. ON according to the present Invention (Con^- 
spondent node] 

6.1 Outiine of CN 

6.2 Configuration of CN 

6.3 Process flow of CN 

7. Providing Drff-Serv 

8. Process Sequence of the system according to 
the present invention 

8.1 Dynamic Assignment of HA 

8.2 In acase where AAAH specifies HA 

8.3 In a case where AAAF specifies HA 

8.4 Setting service control transaction In FA 
8.6 Distributing data packet 

8.6 In a case where a mobile node is moved to 
the communications area of an FA In an AAAF 
(authentication, authorization, and accounting 
foreign) to the communications area of anotiier 
FA In the same AAAF (case 1 ) 

8.7 In a case where a mobile node is moved to 
the communications area of an FA In an AAAF 
to the communications area of anotiier FA In 
the same AAAF (case 2) 
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8.B In a case where a mobile node Is moved 
from a foreign agent n^ork of an AAAF to a 
fbreign agent network of another AAAF 

8.9 Example of the configuration of the network 

In the any-cast servrce 5 

8.10 Any-cast reglstnsdon sequence 

B.1 1 Packet dlstributton to any-cast address 
8.12 Packet filtering In HA 

9. Home ^ent having the function of a foreign to 
agent 

9.1 Explanation of operations 

9.2 Embodiments 

IS 

1 . Outline of the present invention 

[0057] Before explaining the embodiments of the 
present invention, the outline of the present Invention Is 
explained by refeningto FIGS. 1 and 2. 20 
[0058] According to the present Invention, a mobile 
terminal 600 and a stationary terminal 700 (the mobile 
terminal 600, the stationary terminal 700, and a terminal 
having the functional equivalent to the functions of the 
mobile termi nai 600 and the stationary terminal 700 are 25 
hereinafter referred to as mobile nodes) are subscribers 
of a home agent (HA) 200. In this example, the mobile 
node 600 has been moved from the communicattons 
area of the l-IA 200 of a home network 1 0 to the commu- 
nications area of a foreign agent (FA) 500 of a foreign so 
network 40. At this time, when the mobile node 600 
Issues a connection request to the i-IA 200 through the 
FA 500, It Is necessary to authenticate whether or not 
the mobile node 600 is a subscriber of the iHA 200. 
Described below Is the procedure of authenticating the 38 
mobile node 600. 

[0059] Rrst, the mobile node 600 transmits a loca- 
tion registration request message to tiie FA 500 In the 
foreign network 40. Upon receipt of the location regis- 
tration request message, the FA 500 capsules the mes- 40 
sage to generate an authentication request message, 
and transmits It to the authentication request server 
(hereinafter refenedto as an AAAF). 
[0060] The AAAF 400 determines an authentk:ation 
process server (hereinafter refen^d to as an AAAii also 45 
auUienticatlon, authorization, and accounting Home) in 
charge of the authentication of the received authentica- 
tion request message, and transmits tiie message to an 
AAAIH 100. The AAAH 100 autiienticates the mobile 
node 600 according to tiie received authentication so 
request message. 

[0061 ] Th us, the AAAF 400 receives a locatton reg- 
istration request message from tiie FA 500, generates 
an authentication request message for the received 
message, requests an appropriate AAAH 100 to ss 
authenticate the mobile node, and receives the result of 
the authentication. On the other hand, the AAAH 1 00 Is 
an authentication process server for autiientlcating, 



authorizing, and accounting of a mobile node accom- 
modated in the home network 10. Normally, the data- 
base (a service control database 300) accessible by tiie 
AAAH 100 stores and manages the Infbrmatton about 
tiie authentication, the authorization, and the account- 
ing of a subscriber. In the embodiments of the present 
invention, tiie AAAF 400 and tiie AAAH 100 can be 
referred to as an autiientication server. 
[0062] The outilne of the flow of a control signal 
when tiie location of a mobile node is registered In the 
HA 200 and the process performed kiy the AAAF 400 
and tiie AAAH 100 Is described below by refenlng to 
FIG. 1. in FIG. 1, each servne control transaction is 
Shown outside tiie FA 500, tiie AAAF 400. tiie AAAH 
1 00, and the HA 200 for easier explanation. 

1. The HA 200 and m 500 periodically outputs an 
agent advertisement message (mobile IP mes- 
sage). The mobile node 600 recognizes the home 
agent or the foreign agent which accommodates 
tiie mobile node 600 by receiving tiie agent adver- 
tisement message from the HA 200 or the FA 500. 
2 When the mobile node 600 is moved outside the 
communications area of tiie HA 200 managed by a 
contract provider (servk:e provider 10), it transmits 
a location registration request message In 
response to the agent advertisement message 
transmitted from the FA 500 of the provider in the 
communrcations area where the mobile node 600 
enters. 

3. When tiie FA 500 received the registiBtion 
request message from the mobile node 600, it 
transmits an AiWR (AA-iWobile-Request) message 
to tiie AAAF (autiientication, authorization, and 
accounting foreign) 400 through an IP networiiBO. 

4. The AAAF 400 extracts necessary Infonnation 
for authentication from the received AMR (AA- 
Mobile-Request) message, and determines tiie 
AAAH (authentication, authorization, and account- 
ing home) 1 00 in charge of the authentication of the 
mobile node 600. Then, it transmits the AMR mes- 
sage to tite AAAH 1 00 tiirough tiie IP networic 80. 

5. The AAAH 100 retrieves the necessary infonna- 
tion for authentication from the received AMR mes- 
sage, and performs an authenticating process. At 
tills time, it extiBcts a mobile node ident'rfier (NAI: 
nehMoric access Identifier) for use in identllying the 
mobile node from the AMR message, and retrieves 
a corresponding user profile (6ervk:e profile Infor- 
mation) from the service control database 300 
using the NAI as a key. 

If tiie AAAH 1 00 has succeeded In the autiien- 
tication of tiie AMR message, then It adds the serv- 
ice profile Information extracted from the service 
control database 300 to an HAR (Home Agent reg- 
istration request) message, and transmits the mes- 
sage to tiie HA 200 through the IP network 80. The 
HAR message Is obtained by capsuling the location 
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registrntion request message from the mobile node 
in a packet. 

The HA 200 can comprise a pluraPity of HAs. 
When one logical HA Is formed by a plurality of 
HAs, the load of the HA 200 can be appropriately 5 
distributed. The HA 200 comprising a plurality of 
HAS functions as one HA In processing a data 
packet transmitted from a terminal device (a mobile 
node). However, the AAAH 100 and the AAAF 400 
can Identify each of the plurality of HAs, and Issue w 
an Instruction to each of them. Furthemnora, when 
the HA 200 comprises a plurality of HAs, the AAAH 
100 CEm specify one of the plurality d HAs, and 
transmit the HAR (Home Agent registration 
request) message to the specified HA through the 15 
IP network 60. In additk^n, the AAAF 400 can spec- 
ify the HA 200 for the AAAH 100, generate an HAR 
message from an AMR message, and transmit the 
message to the specified HA 200 through the IP 
network 80. 20 

6. The HA 200 retrieves the Information such as a 
session ID, a nfetime, etc. from the received HAR 
message, and registers the location of the mobile 
node 600. That Is, the HA 200 extracts from the 
received HAR message the necessary Informatton 25 
for transferring a packet addressed to the mobile 
node 600 to the new destlnafton, and generates 
service control Infbnnatlon (a location reglstratton 
table of a service control transaction 230). Then, it 
returns the resultto the AAAH 100 or the AAAF 400 30 
through the IP network 80 in an HAA (Home Agent 
reglstTBtion reply) message. 

7. Upon reoeiptof an HAA message, the AAAH 100 
extracts from the previously received AMR mes- 
sage or the user profile the necessary Information, 35 
generates service control Information (the iocatton 
registration table of a servk:e oontroi transactton 
120), and transmits an AMA (authentication 
reply(AA*Mobile Node-Answer)) message in 
response to the AMR message to the AAAF 400 40 
through the IP network 80. At this time, the service 
profile infonnation Is transmitted being stored In the 
AMA (authentlcatton repiy{AA-Moblie Node- 
Answer)) message. 

8. The AAAF 400 extracts necessary Information 4s 
from the AMA nnessage, generates servtee control 
infonnafion (the service profile table of a service 
control transaction 420), and transmits the received 
AMA message to the FA 600 through the IP net- 
work 80. so 

9. The FA 600 extracts necessary Information from 
the received AMA message, generates servbe 
control Information (the service profile table of a 
service control transaction 530), generates a regis- 
tration reply message according to the AMA mes- ss 
sage, and transmits It to the mobile node 600. 
When the nrmblle node 600 recehres the registration 
reply message, the procedure of registering the 



current location of the mobile node 600 In the HA 
200 is completed. Afterwards, the FA 500 refers to 
the received service control information, and pro- 
vides a value-added servk:e, as provided by the 
PBN, for the mobile node 600 connected to the for- 
eign network 40. 

Thus, since the HA 200 constantly manages 
the current location of the mobile node 600, a 
packet addressed to the mobile node 600 from 
another terminal, server, etc. Is transf^n^d to the 
mobile node 600 from the HA 200 through the FA 
500. At this time, since a service control profile has 
been distributed from the AAAH 100/AAAF 400 to 
the FA 500 (and the HA 200), a value-added serv- 
ice as provkJed by the PBN Is provided for the com- 
munlcatk)ns between the mobile node 600 and Hs 
comespondent node. 

Then, the outline of the flow of the control sig- 
nal and the process perfomried by the AAAH 100 
when the location of the mobile node 600 Is regis- 
tered in the liA 200 In the home network 10 Is 
described below by refening to FIG. 1 . 

10. if the mobile node 600 receives the agent 
advertisement message (mobile IP message) from 
the IHA 200, it recognizes that It is located In the 
communications area of the HA 200. 

11. Upon receipt of the agent advertisement mes- 
sage transmitted from the HA 200, It transmits a 
location registration request message In retum. 

12. Upon receipt of the registration request mes- 
sage from the mobile node 600, the HA 200 trans- 
mits an AMR (authentication request) message to 
the AAAH (authentication, authorizatkin, and 
accounting home) 1 00 through the IP network 80 to 
parfbrm an authenticating process, an authorizing 
process, an accounting process, etc. according to 
the registration request message. 

13. The AAAH 100 performs an authenticating 
process by retneving necessary irrformation for 
authentication from the received AMR message. At 
tills time, It extracts a mobile node Identifier (NAI) 
for use in Mentifying the mobile node from the AMR 
message, and retrieves a user profile (location reg- 
istration information) corresponding to the NAI from 
the service control ctetabase 300 using the NAI as a 
key. Furttiennore, if the AAAH 100 successfully 
authentteates the AMR message, it adds the k)ca- 
tion registration Information to the HAR message, 
and transmits It to the 1^ 200 through the IP net- 
wori< 80. As described above, the HA 200 can com- 
prise a plurality of HAs. 

14. The HA 200 retrieves the infbnmation such as a 
session 11^ a lifetime, etc. from the received HAR 
(Home-Agent-Mip- Request) message, and regis- 
ters the location of the mobile node 600. That is, the 
HA 200 extracts from the HAR message the neces- 
sary Infonnation for transfening ttie pactet 
addressed to tiie mobile node GOO to the new desti- 
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nation, and generates service oontrol Information 
(the servica profile labie of the service control 
transaction 230). Then It returns the result to tiie 
AAAH 100 through tha IP network BO using the 
HAA message. 5 
16. Upon receipt of the HAA massage, tiia AAAH 
100 extracts the necessary Infomiation from tiie 
received AMR message or the user profile, gener- 
ates service control Information (the service profile 
table of the service control transaction 120), and io 
transmits an AMA (autiientication reply) message 
to ttie HA 200 tiirough tiie IP networic 80. At tills 
time, tiie service profile 1nf6mr»tion is transmitted 
being stored In the AMA (AA-Moblle-Node-Answer) 
message. is 
1 6. Hie HA 200 extracts the necessary infonnation 
from tiie received AMA message, generates serv- 
ice control infonnation (the servbe profile table of 
the service control transaction 230), generates a 
registration reply message according to the AMA 20 
message, and transmits it to the mobile node 600. 
When the mobile node 600 receives the registration 
reply message, the procedure of registering the 
cun-ent location of the mobile node 600 Is com- 
pleted. Then, the HA 200 refers to the service con- 25 
trol infonnation obtained from the AAAH 100, and 
provides a value-added service (for example, QoS, 
etc.) for the mobile node 600 connected to the 
home networic 10. 

Thus, when the mobile node 600 is connected 30 
to tiie HA 200, a value-added service equivalent to 
the service provided by the PBN is provided for the 
communications between the mobile node 600 and 
the comespondent node. 

Another modification of the above description, 35 
the AAAH 100 adds to the HAR message the serv- 
ice profile information which Is equal to service pro- 
file Infomnatlon contained in the AMA message. The 
HA 200 receives the HAR message and adds the 
sen/be profile Information contained in the HAR 40 
message to the HAA message. In this case, the 
AAAH 1 00 does not have to newly add the service 
profile message to tiie AMA message. 

2. Entire configuration of the present Invention 4s 

[0063] FIG. 2 is a block diagram showing each func- 
tion of the present invention, in FIG. 2, the service pro- 
vider (home networic) 1 0, the access provider (foreign 
network) 40, and a correspondent node 90 are Intercon- so 
nectedthrough the IP networic 60 and a MIP (mobile IP). 
[0064] A service provider (home network) 10 
Includes the HA (home agent) 200, the AAAH (authenti- 
cation, authorization, and accounting home) 100 and 
the service control database 300. For example, an AAA ss 
(authentication, authorization, and accounting) proto- 
col, etc connects the AAAH 1 00 to at least one HA 200. 
They can also be connected through the IP network 80. 



The AAAH 100 and tiie HA 200 can be mounted In one 
apparatus. In this case, they can be connected through, 
for example, a bus. Similar^, tiie AAAF 400 and tiie FA 
500 can also be mounted In one apparatus. 
[0065] TTie AAAH 100 Is connected to tiie sen/ice 
control database 300 through a database protocol, for 
example, a LDAP (light directory access protocol), etc. 
They can also be connected through a bus, or the IP 
network 80. In the service control database 300, for 
example, the Information about a mobile temilnal, a sta- 
tionary tennlnal, or the users of tha terminals, tha 
packet filtering Infomnation for prohibiting the access to 
harmful WWW Information, etc, the security informa- 
tion, tiie Diff-Serv relevant information, etc. are stored. 
A practical example of the service control database 300 
is described later. 

[00^] TTie AAAH 1 00 can obtain tiie servtee profile 
information about a mobile terminal, a stationary termi- 
nal, users, etc. from the sennce control database 300 
using a database search protocol such as an IDAP, etc. 
[0067] The AAAH 100 Is connected to tiie AAAF 
(autiientication, authorization, and accounting foreign) 
400 tiirough, for example, an AAA (authentication, 
authorizatton, and accounting) protocol. They can also 
be connected using the IP network 80. in addition, the 
AAAF 400 is connected to the FA 500 through, for 
example, an AAA protocol. They can also be connected 
through the IP network 80. Furthermore, the mobile 
node 600 is connected to the FA 500 tiinough an MIP 
(mobile IP). 

[0068] As shown in FIG. 2, tiie mobile node 600 Is 
located outskJe the communteations area provided by 
tiie contract service provider 10 of a user of the mobile 
node 600, but in tiie communk:ations area provkied by 
the foreign network 40, and Is connected to the FA 500 
tiirough a MIP (mobile IP). 

[0069] The AAA protocol shown In FIG. 2 Is a proto- 
col wWely used In the AAA system. However, an availa- 
ble protocol is not limited to this type according to the 
present Invention. According to an embodiment of the 
present invention, however, It is assumed that a DIAME- 
TER protocol being studied by the IETF Is avBilat)le. 
[0070] An AAA protocol is a protocol for transmitting 
the infonnation about authentication, authorization, 
accounting, and policy. When the information specific to 
the present Invention is transmitted and received among 
the FA 500, tiie AAAF 400, the AAAH 100, and the HA 
200, an extendable attribute parameter referred to as an 
AVP (attribute value pair) prescribed by the DIAMETER 
protocol, and an area specified tsy the parameter are 
used. An extendable etblbute is the policy of servbe 
control, and the relevant information. 
[0071] FIGS. 54 tiirough 64 show the fomnat of a 
message used by the protocol of the MIP (mobile IP). 
FIGS. 65 tiirough 75 show the format of a message 
used by the DIAMETER protocol. 
[0072] FIG. 54 shows ttie fomnat of a Mobile IP 
message. 
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[0073] FIG. 55 shows the format (version 4) of the 
IP header shown In FIG. 54. The TOS (type of service) 
value l8 set In the ninth bit of the first line of the IP 
header. 'Source Address* specifying a source address 
and 'Destination Address* specifying a destination 5 
address are set in the fourth and fifth lines, respectively. 
FIG. 56 8how8 the format of the UDP header ehown In 
FIG. 54. In the first line of the UDP header, 'Source Port 
specifying a source port and 'Destination Porf specify- 
ing a destination port are set to 
[0074] FIG. 57 shows the fonnat of the registration 
request message of the IP. FIG. 58 shows the fomnat of 
'Registration Requesf of the registration request mes- 
sage shown in FIG. 57. A lifetime is set in the first line, a 
home address Is set In the second tine, a home agent 15 
address Is set in the third line, a care-of address is set 
In the fourth line, an Identification Is set In the fifth line, 
and an extension area Is set In the sixth and the subse- 
quent lines. 

[0075] FIG. 59 shows the format of tha 'IMoblie 20 
Node rslAl Extension' set in the extension area shown In 
FIG. 58. 'MN-NAI' Identifies a mobile node accommo- 
dated by the IHA 200 or the FA 500. 
[0076] FIG. 60 shows the format of the 'Previous 
Foreign Agent Notification Extension' set in the exten- 25 
sion area shown in FIG. 57. A cache ilfotime (Cache 
Lifetime} Is set In the first line, a previous foreign agent 
address (Previous Foreign Agent Address) is set In the 
second line, and a new care-of address (New Care-of 
Address) is set in the third line. 30 
[0077] FIG. 61 shows the fonnat of 'Mi\A-AAA 
Authentication Extension' set In the extension area 
shown In FIG. 58. 'SPI' Is a security parameter index 
spedtying the algorithm, etc. used between a mobile 
node and an AAA. An 'authenticator' is a value refen^ed 3S 
to when a mobile node Is authenticated using an 'SPI'. 
[007B] FIG. 62 shows the fonmat of the nagistratlon 
reply message. A lifetime is set in the first line, a home 
address is set In the second line, a home agent is set in 
the third line, an identifier Is set in the fourth and fifth 40 
lines, and an extension area Is set in the sixth and the 
subsequent lines. 

[0079] FIG. 63 Shows the fornnat of 'Binding Update' 
of the MBU (mobile-IP binding upctete) message used 
among foreign agents. FIG. 64 shows the fonnat of 45 
'Binding Acknowledge*, in the second line, a mobile 
node address Is set in the third and fourth line, an Iden- 
tification Is set. 

[oraO] FIG. 65 shows the format of a DlAJ^ETHR 
message. A DIAiy^ETER message Is formed by setting a so 
DIAMETER header Immediately after the IP header and 
the UDP header, and setting a group of AVPs (attribute 
value pains) of DiAi\^ETER after the DIAMETER header. 
[0081] FIG. 66 shows the fonnat of a common 
header of the DIAMETER message. An identifier is set ss 
In the second line. A group of AVPs are set In the fourth 
and the subsequent lines. 

[0082] FIG. 67 shows the basic fonnat of the AVR 



[0083] FIG. 68 shows the AVP format of a DIAME- 
TER command when '256i Is set as Em AVP code in the 
first line in the basic fonnat shown In FIG. 67. A code 
corresponding to the message is set as a command 
code. 

[0084] FIG. 69 shows a common fonnat In which an 
AVP code other than a command Is set In the basic for- 
mat shown in FIG. 67. 

[0085] FIG. 70 shows tiie fonnat of an AiMR mes- 
sage of the DIAMETER protocol. 
[0086] FIG. 71 shows the fonnat of an IHAR mes- 
sage of the DIAMETER protocol. 
[0087] FIG. 72 shows the format of an AMA mes- 
sage of the DIAMETER protocol. 
[0086] FIG. 73 shows the format of an HAA mes- 
sage of the DIAMETER protocol. 
[0O89] FIG. 74A shows the format of an AMU mes- 
sage of the DIAMETER protocol. 
[0090] FIG. 74B Shows the format of 'MIP Binding 
Update AVP' of an AMU message. 
[0091 ] FIG. 75A Shows the fonnat of an AMAc mes- 
sage of the DIAMETER protocol. 
[0092] FIG. 75B shows the format of 'Mobile IP 
Binding Acknowledge AVP of an AMAc message. A 
message is set In the third line in the fonnat shown In 
FIGS. 74B and 758. 

3. FA 500 / IHA 200 according to ttie present Invention 

3.1 . Outiine of HA (home agent) and FA (foreign agent) 

[0093] The fonctlons of the l=A 600 and tiie HA 200 
are described beiow by referring to FIG. 2. 
[0094] Nonnaily, the IP address of each mobile 
node Is managed by a corresponding HA, and a packet 
Is transfonred based on tiie IP address. Then, a packet 
addressed to the mobile node 600 is basically trans- 
fen^d to the HA 200, and is further transfened from the 
HA 200 to the mobile node 600. 
[0095] However, when the mobile node 600 Is 
moved from tiie communications area of the servtee 
provMer (home network) 1 0 to the communk»tions area 
of the foreign network 40, and when the mobile node 
600 Is accommodated by the FA 500 using the MIP 
(mobile IP), tiie HA 200 cannot transfer a received 
packet to the mobile node 600. 
[0096] To solve the problem, when a mobile node 
enters the comnrujnk^ations area of the FA 500, the FA 
500 notifies (location registration) the HA 200 of It 
Therefore, upon receipt of a packet addressed to the 
mobile node 600, the HA 200 capsules (adds a new IP 
header In which the FA 500 is set as the destination of 
the transfer to the received packet) the packet according 
to the notification, and transfers it to the FA 500. Then, 
the FA 500 decapsules the packet by removing the 
newly added IP header from the received packet, and 
transfers the packet to the address indicated by the orig- 
inal header, that ISp the address of the mobile node 600. 
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Thus, although the mobiie node 600 has been moved, 
the packet can be transferred to the mobile node 600. A 
packet can also be transferred using a link layer address 
corresponding to the home address of the mobile node 
600, For example, an MAC address can be used as a 5 
link layer address. In additmn, the correspondence 
between an IP address and a nnk layer address can be 
n^aged by a table (shown In FIG. 4) refsn^d to as a 
visitor list 

10 

3.2 Configuration of FA / HA 

[0097] FIG. 3 is a block diagram of the functions of 
the home agent (HA 200) and the foreign agent (FA 
500) shown in FIG. 2. The HA 200 and the FA 500 basi- 15 
cally have the same configurations. That Is, when a 
mobile node connected to an agent apparatus Is con- 
nected to a contract service provider 10 of the moblie 
node, the agent apparatus functtons as a home agent 
(HA 200) for the mobile node. When it is connected to a 20 
non-contract provKler of the mobile node, the agent 
apparatus functions as a foreign agent (FA 500) for the 
mobile node. That Is, for example, an agent apparatus 
controlled and managed by an ABC provider functtons 
as a home agent for a mobile node whksh contracts with 25 
the ABC provider, but functions as a foreign agent for a 
mobile node which does not contract with the ABC pro- 
vkder. In the description betow. It Is assumed that the HA 
200 and the FA 500 have the same functions. 
[0098] The HA 200 (FA 600) contains a router con- 30 
trol unit 220 (520), a service control unit 210 (510), and 
a service control transactton 230 (530). In the following 
description, the configuration containing the router con- 
trol unit 220 (520), the servtee control unit 210 (510), 
and the service control transaction 230 (530) can be 3S 
refemed to as an agent control unit 
[0099] The router control unit 220 (520) of the agent 
control unit (HA 200 (FA 500)) comprises a router com- 
munications control unit 221 for controlling the commu- 
nteations with the service control unit 21 0 (51 0), and a 40 
router control table group 222. 
[0100] Furthennore, the router control table group 
222 comprises a routing table 223 to be referred to 
when a path to a destination of a received packet Is 
determined, a binding cache 224 which is a temporary 45 
routing table, and a service control filter 225 for passing 
only a specific packet 

[0101] The service control unit 210 (510) of the 
agent control unit (HA 200 (FA 500)) comprises a serv- 
ice communications control unit 21 1 for controlling the so 
communications between the router control unit 220 
(520) and the service control transaction 230 (530), and 
an anycast address binding table 212 set/referenced by 
the agent control unit (HA 200 (FA 500]) as a table for 
determlnlng/hianaging the destination of a packet. ss 
[01 02] The seonce control transaction 230 is a con- 
trol table. The FA 500 Is different In format from the HA 
200. RG. 4 shows the fonrnat of the control table of the 



service control transaction 530 of the FA 500. FIG. 5 
shows the format of the service control transaction 230 
of the HA 200. 

3.3 Sen/Ice Control Ti^nsaction of FA 500 

[0103] In FIG. 4, control blocks 1 through n are 
pointers pointing to the leading address In each control 
block. FIG. 4 shov^ the information relating to the con- 
trol block 1 in a plurality of control btocks. 
[0104] When the mobile node 600 is connected to 
the FA 500, the service control transacdon has the fol- 
lowing settings. 

(1) Control block 1 

[0105] A 'session ID' Is a unique value set when a 

registration request message is received from the 
mobiie node 600. An NAI (networic access identifier) 
provided from the mobile node 600 Is iset In the 'NAI of 
MN'. The leading address of a session transaction table 
Is set in the 'session transaction table'. The leading 
address of a visitor list table Is set In the Visitor list 
table'. The visitor list table Is used for management of a 
mobiie node, when the mobile node is connected to a 
foreign agent The leading address of a service profile 
table Is set in the 'servtee profile table*. 

(2) Session transaction table 

[0106] The association with other entities (contain- 
ing FA, HA, AAA) Is recorded In the "session transaction 
table'. In this table, an AAA address (AAAF address) is 
set as the destination of an AJMR (authentication 
request) message. 

(3) Visitor Tist table 

[0107] A 'IP source address (home address)' stores 
the IP address of a mobile node assigned by the servbe 
provider 10. A link layer address (tor example, a MAC 
address, etc.) used In transmitting a registration reply 
message to an MN (mobile node) or an SN (stationary 
node) is set in the 'link layer address of MN or SN'. An 
UDP source port is set in the 'UDP source port. The 
address of a home agent to which the mobile node 
belongs Is set in the 'home agent address'. The value of 
an identifier field of a registration request contained in a 
registration request message transmitted from the 
mobile node is set in the 'Identifier field of a registration 
request*. The information about a valid term of the net- 
work infonriBtion about a mobile node or a user, and of 
the service profile Information is set in the 'lifetime'. 

(4) Service profile table 

[0108] The type of service to be provided Is set In 
the 'service type'. A service can be, for example, QoS 
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(qualify of service). A method for realizing the QoS can 
be, for example, Int-Serv or Diff-Serv. In the present 
embodiment, the Diff-Serv requiring a smaller overhead 
is adopted. A Diff-Serv application policy Is set In the 
'Diff-Serv application pollc/. For example, a condition 5 
(policy) such as 'A packet storing data relating to the 
'FTP (file transfer protocol) Is transfenfed by priority, and 
a packet storing data reladr^g to e-mail is transfened 
with tower priDrity* Is set At this time, a different poiby 
can be set for each combination of a destination w 
address and a port of a packet 
[01 09] An address for a packet to be transmitted to 
a destination address 1 Is set In the 'destination address 
1 '. The infomnatlon spediying the port con'esponding to 
the destination address 1 is set in the 'destination port 15 
1*. The information about the TOS (type of servbe) of 
the IP transmitted to the destination address 1 is set In 
the TOS 1'. In the Drff-Serv, the priority transfer control 
Is performed based on the TOS value. 

20 

3.4 Service control transaction of HA 200 

[0110] The service control transaction 230 of the 
HA 200 Is described by refsning to FIG. 5. The explana- 
tion whtoh was explained relating to the service control 25 
transaction 530 of the FA 500 Is omitted here. 

(1) Control bk)ck1 

[0111] The leading address of the session transac- 30 
tion table is stored in the 'session transaction table*. The 
leading address of the mobility binding table is set In the 
'mobility binding table'. The leading address of the serv- 
tee profile table Is set In tiie 'service profile table'. 

35 

(2) Sesston transaction table 

[0112] The association with other entities is stored 
in the 'session transaction table'. In this example, the 
address of the AAAH 1 00 set as the destination of the 4q 
HAA (HA registration reply) message transmitted from 
the HA 200 is set. 

(3) l\^obirity binding table 

46 

[0113] The home address of a mobile node is set in 
the 'home address*. The care-of address whteh Is the IP 
address used In transferring a packet addressed to a 
mobile node when the mobile node Is accommodated 
by the FA 500 is set In the 'care-of address of a mobile so 
terminal*. Upon receipt of a packet to be transfemed to 
the home address of the mobile node, the HA 200 trans- 
fers the received packet to the FA whteh accommodates 
the mobile node after capsuRng the packet using the 
'care-of address'. The value set in the item correspond- ss 
ing to the visitor list of the FA 600 shown In FIG. 4 is also 
set In the 'Identifier fiekj of registration requesf and the 
'lifetime' 



(4) Servtee profile table 

[01 14] The Information specifying the type of serv- 
be is set in the 'service type (packet filtering)'. In this 
example, the information specifying the packet filtering 
for rejecting a packet Is set according to the specified 
restriction condition. 

[0115] The type of restriction applteation policy, for 
example, the necessary infomnation for Rm'iting a packet 
containing harmful contents, access to a specified 
server address, access to a specified network domain, 
the use of a specified port, eto. Is set In the 'restriction 
application policy', the 'restricted address*, and the 
'application condition', etc. 

3.5 anycast address binding table (common in an FA 
and HA) 

[0116] FIG. 6 shows an example of the anycast 
address binding table 212. The anycast address binding 
table 212 contains a plurality of binding blocks. In the 
following description, the leading address of the binding 
block table is set In tiie 'binding block 1 ', and the "binding 
btock 1 table' specified by the address is carefully 
checked. 

[01 17] The destination address Is set in the 'anycast 
address*. The NAI corresponding to the terminal devfoe 
preliminarily specified by the user who receives an any- 
cast service is set In the 'NA1 1 ' through the 'MAI n'. The 
state of a oonresponding NAI, for example, online, 
offline, fault, congestion, etc. is set in the 'state'. The 
procedure or condition for selecting one or more NAls in 
the 'NAI r through the 'NAI n' is set In tiie 'anycast 
address selection policy'. 

[0116] When the received destination address 
matches the 'anycast ADDRESS' registered In the any- 
cast address binding table 212. the HA 200 or the FA 
500 selects 1 or a plurality of 'NAls' according to the 
'anycast ADDRESS SELECTION POLICV, transfers 
the padcat to the selected NAI. 

3.8 Routing table (common between FA and HA) 

[01 19] FIG. 7 shows an example of the routing table 
223. According to the destination address stored In die 
header of the received packet, the 'DESTINATION 
ADDRESS* of the routing table 223 Is refen^ to and 
searched, and the 'NEXT HOP ADDRESS' of a router, 
etc. to which the packet Is to be transferred Is obtained 

3.7 Binding cache (common In an FA and HA) 

[0120] FIG. 8 shows an example of the binding 
cache 224. The binding cache 224 is used as a tempo- 
rary routing table, and is referred to by priority by ttie 
routing table 223 shown in FIG. 7. It stores the infonna- 
tion required to effk^lently transfer a packet, that is, 
'SOURCE ADDRESS', 'SOURCE PORT, 'DESTINA- 
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HON ADDRESS'. 'DESTINATION PORfT. 'CAPSULA- 
TION'. CARE-OF ADDRESS', and TOS' fields. In these 
fields, a source address, a source port, a destination 
address, a destination port, capsulation, a care-of 
address, and a TOS are set respeedvelyi 5 

3.8 Service control fitter (common In an FA and HA) 

[0121] FIG. 9 dhows an example of the service con- 
trol filter 225. The service control filter 225 Is a table for 10 
storing the Information specHyIng a target packet (for 
example, a packet satlsiying a specified restriction oon- 
dftion). The \ab\e corrtalns fields In which 'SOURCE 
ADDRESS', 'SOURCE PORT, "DESTINATION 
ADDRESS', and 'DESTINATION PORT are set The is 
HA 200 and the FA 500 extract a specific packet from 
the received packets according to the condition set in 
the table. 

3.9 Process 1k)w In HA 200 and FA 500 20 

[0122] FIG. 1 0 ie a flowchart of the operations of the 
HA 200 and tiie FA 500. In FIG. 10, the operattons are 
performed after a packet is received by the HA 200 or 
the FA 500. The packet received by the HA 200 (FA 500) 2S 
Is processed In the cooperative operations of the router 
control unit 220 (520) and the service control unit 210 
(510) shown in FIG. 3. 

[0123] A router control unrt analyzes the header 
Infonriation of the received packet, and determines 30 
whether the packet is a data packet or a protocol packet 
(steps S161 and 81 62). 

[0124] Before explaining tiie operations perfonned 
In step S1G3, a control request message and a control 
reply message are described by referring to FIGS. 11 ss 
and 12. 

[0125] FIG. 11 shows an example of the control 
request message. This message contains a request to 
receive a message and a padcet as a control request 
when the command code Is 'NOTIFICATION EVENT. 40 
When tiie command code is 'ADDITIONAL INFORMA- 
TION', the message as a control request contains a 
request to Indteate the position of the received message 
in a buffer as a pointer, or a request to control the 
header Infonriation of the received packet The above 45 
described command and control request are set In a 
control request message as a specific code, and are 
transmitted to the service communtoations control unit 
211. 

[0126] FIG. 12 shows an example of a control reply eo 
message. This message is classified Into 5 types 
according to the settings of a command code. 

(1) When a command code is 'CONTROL FLAG', 
the message as a control reply contal ns a message ss 
transmisston Instruction, a filter setting instruction, 
a binding cache setting Instruction, a packet edition 
Instruction, a packet rejection Instruction, etc. 



(2) When a command code is TRANSMISSION 
MESSAGE INFORMATION', the message as a 
control reply contains a pointer Indicating the 
address of a transmission message. 

(3) When a command code Is 'FILTER SETTING 
INSTRUCTION', tiie message as a control reply 
contains a source address, a source port, a desti- 
nation address, and a destination port. 

(4) When a command code is 'Binding cache 
INFORMATION', the message as a control reply 
contains a source address, a source port, a desti- 
nation address, a destination port, a care-of 
address, and a TOS (type of sennce). 

(5) When a command code Is 'R\CKET EDITING 
INFORMATION', the message as a control reply 
contains a TOS value and a care-of address. 

[0127] Back In FIG. 1 0, when a received packet is a 
protocol packet, the control request message shown in 
FIG. 11 Is transmitted from the router oommunk:ations 
control unit 221 to the servtoe communtoations control 
unit 211 In step SI 63. 

[0128] When the servtee communksations control 
unit 21 1 receh^es a control request message, it analyzes 
the message, and sets the service control transaction 
230 (530), and the anycast address binding table 212 of 
tiie service control unit 210 (510) (step 81 64). The infor- 
mation to be set according to the control request mes- 
sage Is described later. 

[0129] When there Is a control reply message In 
response to tiie received control request message, or a 
consecutive message determined by a protocol (for 
example, an AAA protocol, etc), a protocol message Is 
edited using a transmisston buffer (step SI 65). Then, 
the service control unit 21 0 (51 0) transmits to the router 
control unit 220 (520) a control reply message In whteh 
a message transmission request Instiructton and a 
transmission message buffer pointer are set (step 166). 
[0130] Then, the router control unit 220 (520) 
receives a control reply message from the service con- 
trol unit 210 (510). When a filter setting instruction is set 
as a command code of the control reply message, the 
router control unit 220 (520) registers specified IP 
header Infonriation in the service control filter 225 
shown In FIG. 9 (step SI 67). When binding cache infor- 
mation Is set as a command code of tiie control reply 
message, the router control unit 220 (520) registers 
specified address/port infonriation, etc. In the binding 
cache 224 shown in FIG. 8 (step 168). When message 
transmission information la set as a command code of 
tiie control reply message, a protocol packet is transmit- 
ted by referring to the specified transmission message 
pointer, tiiereby temnlnating the process of tiie received 
packet (step 1 69). 

[0131] On the other hand, when a data packet is 
received (data packet in step SI 62), the router control 
unit 220 (520) checks whetiier or not tiie extracted IP 
header Information has been registered In tiie binding 
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cache 224 shown In FtG. 8 (step 16A). If the extracted 
IP header information has tseen registered in the bind- 
ing cache 224, the header of the receh^ed pacl<et ie 
edited according to the infbmiatlon registered in the 
binding cache 224, and the paclcet is transfen-ed to the 5 
destination address specified by the binding cache 224, 
thereby temnlnatlng the process (step SI 6B). 
[0132] On the other hand, If the IP header Informa- 
tion has not been registered In the binding cache 224 in 
step S16A, the router control unit 220 (520) checks 10 
whether or not the IP header Information has been reg- 
istered in the service control filter 225 shown In FIG. 9 
(step SI6C}. If the IP header Information has not been 
registered In the service control fiiter 225 (FIG. 9) in 
step 160, the router control unit 220 (520) refers to the 15 
routing table 223 shown In FIG. 7. and transfers the 
paclcet to the spedfled destination (a router, etc) (step 
16D). If the IP header Information has been registered 
In the service control fiiter 225 (FIG. 9) in step 160, the 
router control unit 220 (520) sets 'NOTIFIOATION 20 
EVEI^' as a command code, sets 'RECEPTION OF 
RACKET as a control request message, generates a 
control request message in which 'ADDITIONAL 
INFORMATION' Is set as a command code, and 'IP 
HEADER INFORMATION' Is set as a control request 25 
message, and transmits the message to the sen/Ice 
control unit 210 (510) (step 16E). 
[0133] Upon receipt of a control request message 
relating to the reception of a paclcet, the service control 
unit 21 0 (61 0) searches the visitor list table (FIG. 4) of 30 
the service control transaction 530 of the FA 500, the 
mobility binding table (FIG. 5) of the iHA200, or the any- 
cast addre^ binding table 212 of the service control 
unlt210 (510) according to the 'IP HEADER INFORMA- 
TION' set in the message (step SI 6F). The Information 35 
used in the search Is the home address (the source 
address In FA 500, and the destination address in the 
IHA200) of the mobile node. 

[0134] When the address Information is specified 
by the search, the service control transaction 230 (530) 40 
compares the service profile table (refer to FIG. 4 for FA 
500, and refer to FIG. 5 for HA 200) with the IP header 
Information. If matching information has been regis- 
tered, the editing information (for example, a TOS value 
upon which the priority transfer control Information is 45 
based, etc.) about the packet spedfied in the service 
profile table Is transmitted to the router control unit 220 
(520) together with the packet edition instruction of the 
control reply message (step S16G). 
[0135] When a packet editing Instruction Is In so 
the control reply message transmitted In step S1 6G, the 
router control unit 220 (520) edite the header of the 
received packet at the Instruction, and transfers the 
message (step S16H). To efficiently transfer the subse- 
quent packets, the header editing Information of the ss 
packet and the Informatnn used in transferring the 
packet are registered in the binding cache 224 shown In 
FIG. 8, thereby temilnating the process relating to 



received packete (step SI 61). 

4. AAAF according to the present invention 

4.1 Outline of AAAF 

[01 36] The outline of the functions of the AAAF 400 
Is described below by referring to FIG. 2. 
[0137] Upon receipt of a registration request mes- 
sage from the mobile node 600, the FA 500 analyzes 
the registration request messG^e, and transmHs to the 
AAAF 400 an AMR (authentication request) message 
containing the Information stored in the registration 
request message. Upon receipt of the authentication 
request message, the AAAF 400 detennlnes whether or 
not it is necessary to assign an appropriate HA 200, and 
whether or not It Is necessary to delete (when an event 
such as the reception of a session completion message, 
the expiration of a session tinr^r set In the service con- 
trol transaction, etc. occurs) the service control Infonna- 
Hon of the previous HA which has already been 
assigned, and transmits a necessary protocol message 
to the AAAH 100. In addition, the state of assigning a 
plurality of HAs 200 is managed. 'Assigning* is often 
used to refer to 'specifying'. For example, 'assigning an 
HA' refers to specifying an agent among a plurality of 
agente. 

4.2 Configuration of AAAF 

[Dl 38] FIG. 1 3 shows an example of the configura- 
tion of and the operatkin of the AAAF 400 shown In FtG. 
2. The AAAF 400 comprises a service control unit 410 
and a service control transaction 420. The entity config- 
uring the service control unit 41 0 and the servtea control 
transaction 420 can be hereinafter refen^ to as a serv- 
ice control unit. 

The service control unit 410 comprises a service com- 
munlcations control unit 41 1 for controlling the commu- 
nteations with the service control transaction 420, and a 
HA assignment table 41 2. Then, the servtee control unit 
410 sets, searches, updates, and deletes the servk:e 
control transaction 420 and the HA assignment table 
412 according to the received protocol message. The 
service control unit 410 has the function of operating 
according to the DIAMETER protocol, and also has the 
function of parfonning a common protocol process 
using a message receptton buffer and a message trans- 
mission buffer. 

[01 39] The service control transaction 420 Is a con- 
trol block. FIG. 14 shows an example of the fonnat of a 
control block. In the service control tnansactions 420 of 
the AAAF 400, the descriptions also made for the serv- 
ice control transaction 230 of the HA 200 are omitted 
here. 
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(1) Control block 1 

[0140] A NAI (network access Identifier) of the FA 
500 (FIG. 2) Is set In the 'NAI OF FA'. 

5 

(2) Session transaction table 

[0141] The network address of the FA 600 (FIG. 2) 
is set In 'FA ADDRESS*. The network address of the 
AAAH 1 00 (FIG. 2) Is set In 'AAAH ADDRESS'. The net- io 
work address of the HA 200 (FIG. 2) is set in 'HA 
ADDRESS*. A timer value Is set In 'SESSION TliVI ER*. If 
the AAAF 400 assigns the HA 200 when the timer value 
in the 'SESSION TIMER' reaches the maximum value, 
then the service control infomnation about the HA is 
assigned to the mobile node relating to the session is 
deleted. 

(3) Service profile table 

20 

[0142] Ttie infbrmatton for application of Diff-Serv is 
set for a packet to be transferred In 'SERVICE TYPE 
(Dlff-Serv TRANSMISSION)' through TOSn'. The set 
infomiation Is basically the same as the contents of 
'SERVICE TYPE (Drff-Serv ARRIVAL)' through TOSn' 25 
of the sennce control transaction 230 of the HA 200. 
However, both *Diff-Serv ARRIVAL' and 'Diff-Serv 
TRANSMISSION' can be set 
[01 43] Next, the fbnnat of the service control trans- 
action 420 shown in FIG. 13 Is described below by refer- 30 
ring to FIG. 15. in FIG. 15, management blocks 1 
through n are used when the AAAF 400 {or the AAAH 
100) assigns the HA 200. Each of the management 
blocks 1 through n Is a pointer pointing to the leading 
address of each of the management blocks 1 through n. 3S 
and Indicates the leading address of each of the man- 
agement blocks 1 through n. In FIG. 15. In a plurality of 
management blocks, the management btock 1 is 
described below. 

[0144] When the IHA 200 Is assigned by the AAAF 40 
400, the foitowing settings are made. That is, the 
address of the management block 1 is set in 'MANAGE- 
MENT BLOCK 1 ' as a pointer. The address of the HA 
200 is set in 'HA ADDRESS'. In 'HA NETWORK APPLI- 
ANCE INFORMATION', for example, when the perform- 4s 
ance of each network appliance installed in each of a 
plurality of HAs is different from the performance of 
each other, the class Information about the network 
appliance can be set for each HA. 

so 

4.3 Process fk)w of AAAF 

[0145] The process flow of the AAAF 400 Is 
described below isy referring to FIG. 1 6. Since the proc- 
ess about relaying a message (for example, the process ss 
of receiving an AMR message from the FA 500, and 
transfanlng the message to the AAAH 100, etc.) has 
already been explained, those descriptions are omitted 



here. The other processes are described below. 
[0146] Rrst, In atep S201, when the AAAF 400 
receives a packet, It extracts the IP header information 
(FIG. 65) from the packet, and sets the service control 
transaction 420 according to the message stored In the 
packet. 

[0147] When the receh/ed message Is an AMA 

{authentk:ation reply) message, and the value of the 
home address of the message is '0 (zero)' or 'FFFF 
(hexadecimal)' (they are hereinafter described as the 
home address of '6), the AAAH or the AAAF dynami- 
cally assigns the HA. Which assigns the HA, the AAAH 
or the AAAF, depends on the contract between provid- 
ers, the policy of a contract provkier, or the contract 
between a subscriber and a provider. 
[0148] in step S202, the value of the home address 
of the received AMA message is referred to, it Is deter- 
mined whether or not it Is necessary to assign an HA. 
When the value of the home address Is 0 (zero), control 
Is passed to step S203 (an HA is to be assigned) to 
assign an HA. Othenvise, control is passed to step 
S204 (an HA Is not to be assigned). 
[0149] In step S203, the AAAF 400 refers to the HA 
assignment table 412 (FIG. 15), and selects an appro- 
priate HA 200. A practical procedure of selecting an HA 
200 is described later. Then, in step S205, an assign- 
ment counter (FIG. 15) of the l-IA 200 selected accord- 
ing to the HA assignment table 41 2 Is added. 
[0150] in step S204, when the AAAF 400 assigns 
the HA 200, it is determined whether or not it Is neces- 
sary to delete the service control information about the 
HA 200 ass^ned to the mobile node con-espondlng to 
the session. When a session connpletion message is 
received In this process, or when an Internal event asso- 
ciated with the expiration of the session timer set In the 
servtee control transaction 420 occurs, service control 
information Is deleted. 

[0151] in step S206, a protocol niessage (an AMA 
message, etc.) corresponding to the received massage 
is edited, in step S207, the protocol message Is trans- 
mitted. 

[0152] A practical example of the above described 
steps S201 through S207 Is described below in (1) 
through (3). 

(1) Characteristics of the process flow when a 
request to assign an HA 200 la Issued. 

S203: The AAAF 400 refers to the HA assign- 
ment table 412, and selects an appropriate HA 
200. 

S205: An assignment counter (FIG. 15) of the 
HA 200 selected according to the HA assign- 
ment table 412 Is Incremented. 
S206, S207: The processes described In (a) 
and (b) below are perfonned. 

(a) When the message received from the 
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AAAH 100 Is an AMA message, an HAR 
message is generHted acoording to the 
received message, and the service proflie 
information corresponding to the moblie 
node 600 Is added to the IHAR message. 5 
Then, the HAR message is transmitted to 
the HA 200. 

(b) When the message received from the 
HA 200 is an HAA message, an AM A mes- 
sage Is generated according to the 10 
received message, and the service profile 
infonnatlon corresponding to the moblie 
node 600 is added to the AM A message. 
Then, the AMA message Is transmitted to 
the FA 600. rs 

(2) Process perfonned when a request to delete 
service control information about the HA 200 is 
issued 

20 

S204: When a session completion message Is 
received, or when an internal event associated 
with the expiration of a session timer set In the 
service control transaction 420 occurs, the 
service control Information about the HA 200 25 
assigned to the mobile node contending to 
the session is deleted If the AAAF 400 has 
assigned the HA 200. 

S205: An assignment counter of the HA 200 in 
the HA assignment table 412 Is decremented. 30 
5206: A session release message Is edited. 
S207: A session release message Is transmit- 
ted to the FA 500. 

(3) Process performed when the AAAF 400 does 38 
not assign the HA 200 

S201: Upon receipt of a pacl<et, the service 
control unit 410 extracts the IP header inf emo- 
tion (FIG. 55) from the ped^, and sets the 4a 
service control transaction 420 according to 
the received message. 

S202, S204: When the AAAF 400 does not 
assign the HA 200, the processes relating to 
the steps are not performed. 4s 
S206: A protocol message corresponding to 
the received message Is edited. 
S207: The edited protocol message is transmit- 
ted to the entity of the function to be transmit- 
ted, so 



servtee control transaction 120, the HA assignment 
management table 112, the servica control database 
300, and an anycast address management table 1 13. It 
sets, searches, updates, and deletes the service control 
transaction 120, the HA assignment management table 
1 12, the service control database 300, and the anycast 
address management table 113 according to the 
receh/ed protocol message. The service control unit 1 1 0 
has the function of operating according to the DIAME- 
TER protocol, and also has the function of performing a 
common protocol process using a message reception 
buffer and a message transmission buffer. 

5.2 Configuration of AAAH 

[0155] FIG. 1 7 shows an example of the blocic dia- 
gram showing the configuration, the function, and the 
operations of the AAAH 100. The AAAH 100 comprises 
the service control unit 110. and the service control 
transaction 120. Hereinafter, an entity fbnnlng the serv- 
ice control unit 11 0 and the service control transaction 
1 20 can be referred to as a service control unit 
[0156] The service control unit 110 comprises a 
service communications control unit 130 for controlling 
the communications with the sen/lce control transaction 
120, and a service control table group 111. The service 
control table group 111 comprises an HA assignment 
management table 1 12 and an anycast address man- 
agement table 113. The service control unit 110 sets, 
searches, updates, and deletes the service control 
transaction 1 20 and the service control table group 1 1 1 
according to the received protocol message, in addition, 
the service control unit 1 10 has tiie function of operating 
according to tiie DIAMETER protocol, and the function 
of performing a common protocol process using a mes- 
sage reception buffer and a message transmission 
buffer. 

[01 57] The sendee control tran^ction 1 20 is a con- 
trol biocie FIG. 1 8 shows the fonnat of the control blocic 
in the description of the service control transaction 120 
of the AAAH 100, the descriptions also made for the 
servbe control transaction 420 of the AAAF 400 are 
omitted hers. 

(1) Control block 1 

[01581 The NAI (network access identifier) of a 
moblie communications Is set in 'NAI of MN*. 

(2) Session transaction table 



5. AAAH according to the present Inventton 
5.1 Outilne of AAAH 

55 

[0153] The outilne of the function of the AAAH 100 

Is described by referring to FIG. 2. 

P154] A servica control unit 110 comprises the 



[01 59] The address of the HA 200 (FIG. 2) is set In 
'HA ADDRESS'. The address of the AAAF 400 (FIG. 2) 
Is set In 'AAAF ADDRESS'. 

(3) Sen^k» profile table 

[016O] The type of ANYCAST service Is set In 



19 



37 



EP1089 580 A2 



38 



'SERVICE TYPE (ANYCAST)'. 
[0161] FIG. 19 Ghows an example of the anycast 
address management table 113. This table comprises 
managing blocks 1 through n In an anycast address 
unit. Each managen^nt block includes, for example, 5 
•SERVICE TYPE (anycast)', 'anycast ADDRESS 
SELECTION POLICY, one or more 'NAI USING ANY- 
CAST ADDRESS'. 'CARE-OF ADDRESS', and 'STATE' 
conesponding to the 'NAi'. Online, offline, fault, conges- 
tion, etc. can be set In 'STATE'. io 
[0162] FIG. 20 shows an example of the service 
control database 300 shown In FIG. 17. The service 
control database 300 stores, for example, the Infonna- 
tion described below tor each subscriber, in this exam- 
pie, the service control database 300 Is designed using 15 
the NAI (network access Identifier) Identifying a sub- 
scriber as a key. it is possible to provide various serv- 
ices containing security, roaming, QoS, multicast, etc. 
as value-added servk:es. According to the embodiment, 
the Dlff-Serv. ANYCAST, packet-filtering are used as 20 
examples of value-added services. 

(1) Security sen^lce 

[0163] The informatk)n specifying the algorithm of 25 
the encryptton to be used, a oonnmunk»tions encryption 
key used between a mobile node and a home agent, 
etc. are stored. For example, an MD5 (message digest 
5), a DES (data encryption standard), etc. are provided 
as encryption algorWims. so 

(2) Roaming servtee 

[0164] TTie infomiatlon Indicating whether or not a 
roaming service is to be provided, a list of domains (for- 3S 
eign network) where roaming Is pennitted, etc. are 
stored. According to the information, a roaming service 
1$ provided fbr a epecinc user. 

(3) I^Aulticast service 40 

[0165] The information Indteating whether or not a 
multicast service is to be provided, and a list of multicast 
groups which can be registered are stored. According to 
the Information, a multicast service such as a point-to- 4s 
multipoint connection, etc. is provided. 

(4) QoS service 

[0166] The Infonnation Indteating whether or not so 
QoS service Is to k)e provided, QoS Information, etc. are 
stored. According to the information, services such as 
the guarantee of the QoS In transfen^lng a packet, the 
control of priority transfer of a packet, etc. can be pro- 
vMed. S5 



(6) Temiinal ability 

[0167] V^lous devices (including a mobile node) 
are connected to an IP network, and the devk:es are dif- 
ferent in abinty. Therefore, for example, the information 
about the maximum capacity of received data, the abil- 
ity of regenerating an Image (moving picture and static 
image), the ability of regenerating voice data, etc. is 
stored m TERMINAL ABILITY'. According to the Infor- 
mation, servtees depending on the abiliV of each temni- 
nai devwe can be provkied. 

(6) Appiteation servk» 

[0168] A list of available applteations is stored, it is 
preliminarily detennined whether or not each of the 
listed applications Is available depending on, for exam- 
ple, the ability of a terminal, an available bsmdwkJth, etc. 
According to the Information, the execution of an una- 
vailable application can be avoided, and a cooperative 
process wAh a filtering operation, etc. as an application 
can be perfomned based on the contents of a packet An 
example of an unavailable application woukJ be if a user 
tenninai does not have a function to decode a video 
stream, then the video appiteation Is an 'unamilable 
applcatlon" for tiie terminal. 

[0169] FIG. 21 shows a practical example of the 
sen/ice control database 300. In FIG. 21, each of the 
user profiles 1 through n is a pointer pointing to the lead- 
ing address of each user profile. The NAi (network 
access kjentifier) of a user is set at the head of each 
user profile. Since the subsequent fields are sbniiar to 
tiie data in the service pnofiie table of tiie AAAF 400 
shown in FIG. 13, or the AAAH 100 shown in FIG. 18, 
the descriptions are omitted here. 

5.3 Process flow of AAAH 

[0170] FIG. 22 is a flowchart of the operations of the 
AAAIH 1 00 which received a packet Upon receipt of a 
packet, the AAAH 100 extracts IP header Intbmnation 
(FIG. 55) from ttie packet, and sets the servtee control 
transactten 120 shown in FIG. 17 according to the mes- 
sage stored in the packet in step S221 . Then, in step 
S222, It is determined whetiier or not the recehred nnes- 
sage is an AMR message, if an AMR message is 
received, the processes In steps S223 through S22F 
are performed. 

[0171] Described below are practical examples (1) 
tiirough (6) of the operations In steps S223 tii rough 
S22F. In the following explanation, tt is assumed that the 
AAAH 1 00 receives an AMR message from the AAAF 
400. However, the AAAH 1 00 can receh/e an AMR mes- 
sage from the HA 200. When the AAAH 1 00 receives an 
AMR message from the HA 200, It r^ums an HAR mes- 
sage to the HA 200. 
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(1) Process performed when a received message is an 
AMR (authentication request) message, and the home 
aGtdress In the message Is not an anycast address 

[0172] Upon receipt of an AMR message from the 5 
AAAF 400 or the HA 200, the AAAH 100 extracts the 
home address of the mobile node from the registration 
request message capsuled in the AMR message, and 
searches the anycast address management table 113 
shorn In FiG. 1 9 using the home address as a l<ey (step w 
S223). In this example, it is assumed that the extracted 
home address has not been registered in the anycast 
address management table 113 (step S224: non any- 
cast address), and control Is passed to step S225. 
[0173] Then, the user profiles 1 through n (FIG. 21) 15 
of the service control database 300 shown in FIG. 1 7 
are searched using the NAI (networic access Identifier) 
contained In a received message as a key (step S225). 
in the searching process, service profiles correspond- 
ing to the NAI are read, and set In the service control 20 
transaction 120 shown in FIG. 1 8 (step S226). 
[0174] In step S227, It Is checked whether or not it 
Is necessary for the AAAH 1 00 to assign an HA. In this 
case, it Is confimied whether or not an HA address is 
spedfied In the received message. That is, if the AAAH 25 
100 has already assigned an HA, or if the AAAF 400 
assigns an l-IA, then it is not necessary for the AAAH 
100 to assign an HA. That Is, when the value of the 
home address of a received message Is 0 (zero), or the 
AAAF 400 does not assign the HA 200, the AAAH 100 30 
assigns the HA 200 in step S228. 
[0175] FurtherrTX)re, the assignment counter of the 
HA assignment management table (FIG. 15) corre- 
sponding to a specified HA address Is incremented 
(step S22B). Then, the protocol message correspond- 35 
Ing to the received message Is edited, and the edited 
message is transmittBd to a transmission target entity 
(AAAF 400 or HA 200), thereby temnlnating the process 
on the received message (steps S22E, S22F). That is, 
when an AM R message e received from the AAAF 400, 40 
the AMA message Is returned to the AAAF 400. On the 
other hand, when an AMR message is received from 
the HA 200, an HAR message is returned with the senr- 
tee control Information added thereto. In this case, the 
HA 200 returns a location rsgistratton reply message to 45 
the mobile node. 

[01 76] Described betow is the procedure of specify- 
ing the HA 200. 

(a) When the AAAH 1 00 specifies the HA 200 so 

[0177] Upon receipt of an AMR (authentication 
request) message from tiie AAAF 400, the AAAH 100 
generates an HAR message according to the received 
message. Then, the AAAH 1 00 adds the servtee profile ss 
information corresponding to the mobile node 600 to the 
HAR message, and transmits it to the HA 200. 



(b) When the AAAF 400 specifies the HA 200 

[0176] Upon receipt of an AMR message from the 
AAAF 400, the AAAH 1 00 generates an AMA message 
according to the received message. Then, the AAAH 
100 adds the servtee profile Information corresponding 
to the mobile node 600 to the AMA message, and trans- 
mits It to the AAAF 400. 

(2) Process performed when a received message Is an 
AMR message, and a home address is not set in the 
message 

[0179] in this case, the procedure of the process Is 
bBsk:aiiy the same as (1) £d>ove. However, since no 
home addresses are specified in the AMR message (0 
(zero) is set as tiie HA address of the received mes- 
sage), the HA assignment management table 112 
shown In FIG. 15 is referred to, and an appropriate HA 
Is selected in step S228. Then, in step S22B, an assign- 
ment counter corresponding to the address of the 
selected HA 200 Is incremented. 

(3) Process performed when a received message is an 
AMR message, and the home address in the message 
is an anycast address 

[0180] As in (1) or (2) above, the anycast address 
management table 113 shown in FiG. 19 is searched. 
However, in this case, it is assumed that the extracted 
home address has been registered in the anycast 
address management table 113 (step S224: anycast 
address), and control Is passed to step S22C. 
[0181] in step S22C, the management blocks 1 
through n of the anycast address management table 
1 13 are searched using tiie 'NAI' stored in the received 
message as a key. Assuming that the NAI has been reg- 
istered in the anycast address management table 113, 
'ONLINE' Is set as the state of the NAI, and the anycast 
Infbnnation is set at the head of the service profile table 
of the service control transaction 120 shown in FIG. 18 
(step S22D). 

[0182] Then in step S22B, the assignment counter 
of the HA assignment management table 1 1 2 (FIG. 15) 
corresponding to the address of the specified HA 200 Is 
added. The subsequent operations (steps S22E and 
S22F) are basically the same as those described In (1) 
and (2) above. 

(4) Process performed when an AMR message In which 
an anycast address Is set is received from a mobile 
node lor which an anycast servtee Is not provided 

[0183] In this case, as in (3) above, the anycast 
address management table 1 13 is searched and control 
Is passed to step S22C. However, when a registration 
request Is receh^d from a mobile node for which an 
anycast service Is not provided, the NAI stored in tiie 
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received message has not been registered In the man- 
agement block of the anycast address management 
table 11 3. In this case, the AAAH 1 00 assumes that the 
registrBtlon request is an erroneous request or cm illegal 
request, and generates an AMA (authentication reply) 
message In which a corresponding error code Is set in 
Step S22E. Then, In step S22F, the AMA message Is 
transmitted to the target entity (for exannple, the AAAF 
400). 

(5) Process performed when a session completion mes- 
sage Is received, or when a session timer Indicates the 
maximum value 

[0164] When a message indicating the completion 
of a session Is recelvecl or when an internal event asso- 
ciated with the expiration of the session timer set in the 
service control transaction 120 shown In FIG. 18 Is 
detected, control is passed to step S22A, and the serv- 
ice control Information of the HA 200 assigned to the 
mobile node con^sponding to the session Is deleted. 
Thenp In step S22B, the assignment counter in the HA 
assignment management table 112 shown In FIG. 15 is 
decrenDsnted. Then, the AAAH 100 edits the protocol 
message corresponding to the received message, and 
transmits the edited protocol message to a target entity 
{steps S22E and S22F). 

(6) Process peitomrted when a message other than the 
messages ctescribed In (1) through (5) above are 
received 

[0185] In this case, a received message Is not an 
AMR message. Therefore, control Is passed to step 
&22A. Since the received message is not a message 
indicating the end of a session, it Is determined In step 
S22A that the service control Information about the HA 
200 need not be deleted. Then, a protocol message cor- 
responding to the received message is generated, and 
the protocol message Is transmitted to a target entity 
(steps 522E and522F). 

6. Corespondent node according to the present inven- 
tion 

6.1 Outline of comespondent node 

[0166] A con^espondent node (CN) 900 supports 
the MIP function extended by the present Invention. The 
CN 900 can be considered to be a subset of the FA 500 
or the HA 200 having the function of processing an MIP 
protocol and the function of controlling a binding cache. 

6.2 Configuration of correspondent node 900 

[0187] The con^spondent node 800 (CN 900) is a 
mobile node for supporting the Mobile IP (MlP) function 
extended by tiie present invention. In FIG.2, the CN 900 



Is connected to an IP network through the correspond- 
ent node 90 using an MIP. 

[0168] FIG. 23 Is a block diagram showing the func- 
tion of the CN 900. The CN 900 contains a service con- 

5 trol unit 910 and an IP packet control unit 920. The IP 
packet control unit 920 contains a binding cache 924 for 
temporarily holding packet edition Infomnation, a trans- 
mission appliance 923 such as a LAN card, etc. applied 
to a work station, an applteation layer 922, and a com- 

10 munlcattons control unit 921 for controlling the commu- 
nbattons wtth the sen/k» control unit 910. The servtee 
control unit 91 0 has the function of operating according 
to the MIP protocol, and the function of performing a 
common protocol process using a message reception 

IS buffer and a message transmisston buffer. 

6.3 Process flow of CN 900 

[0189] FIG. 24 is a flowchart showing ttie opera- 
20 tions of the CN 900 whbh has received a packet 
[0190] Upon receipt of a packet from ttie transmis- 
sion appnance 923, or a request to transmit a packet 
from the appncation layer 922 of the CN 900, the IP 
packet control unit 920 extracts the IP header Infomna* 
25 tion shown In FIG. 55 and the UDP header information 
shown in FIG. 56 from the received packet (step S241). 
Then, according to the destination address of the 
extracted IP header Information and the port number In 
the UDP header infonnation, it is detemiined whether 
30 the received packet Is a data packet or a protocol packet 
(stepS242). 

[0191] The processes in and subsequent to step 
S242 are described below by refening to practical 
examples (1) through (4). 

35 

(1) Process peifonned when a received packet is a 
protocol packet (S243 through S247). 

The communications control unit 921 gener- 
ates a control request message (FIG. 1 1) In whbh 
40 a message reception notification code is set 
according to the contents of the message stored in 
the received protocol packet, and transmits the con- 
trol request message to the service control unit 91 0 
(step S243). 

45 The service control unit 910 uses a transmis- 

sion buffer, and edits a protocol message when 
there is a reply message in response to the 
received control request message, or a continua- 
tion message detennlned kiy a protocol (step 
so S244). Then, the servkre control unit 910 transmits 
to the IP packet control unit 920 a message tiBns- 
mission request Instruction, end a control reply 
message (FIG. 1 2) In whteh a pointer of a transmis- 
sion message buffer is set In addition, when the 
ss received control request message is a binding 
update message containing packet edition informa- 
tion, the service control unit 910 extiacts binding 
cache Infomnation to be set In the binding cache 
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924 (Step S245). 

The IP packet control unit 920 receives a con- 
trol reply message from the service control unit 
910. When the control reply message contains an 
Instruction to set the binding cache 924, the sped- 5 
fled binding cache information Is registered in the 
binding cache 924 (step S246). When an instruc- 
tion to transmit a message is set as a control reply 
message, the specified message is transmitted as 
a protocol packet (step S247). io 

(2) Process performed when a received packet is a 
transmission data packet, and the address of the 
packet has been registered In a binding cache 
(S24B through S249) 

The communlcatk^ns control unit 921 checks is 
the received packet whether it is a transmission 
packet to be transmitted from the CN 900 to another 
device, or It Is a received packet transmitted from 
another device to the CN 900 (step S245). In this 
case, for example, if the source address of the 20 
packet is CN 900, then it is assumed to be a trans- 
mission packet If it is other than CN 900, It Is 
assumed to t>e a received packet 

When the packet received by the communica- 
tions control unit 921 Is a transmission packet, the 25 
IP packet control unit 920 checks whether or not the 
IP header infbrmalksn extracted from the packet 
has been registered In the binding cache 924 (step 
S248). if the IP header information has been regis- 
tered In the binding cache 924, the header of the 90 
packet is edited according to the infonnation regis- 
tered In the binding cache 924. Pnicticaiiy, the 
transmission packet is capsuled using the destina- 
tion address specified in the binding cache 924, 
and is transfen^ed to the address (step S249). 38 

(3) Process perfornwd when a received packet Is a 
transmission data packet, and the address of the 
packet has not been reg^ered In the binding cache 
(S248 through S24A) If the destinatton address of 

the received packet has not been registered In the 4o 
binding cache 924, the IP packet edited by the 
application layer 922 Is transmitted as is (steps 
S24d and S24A). 

(4) Process performed when a packet is a received 
data packet (S248 and S24C) 48 

When the packet received by the communica- 
tions control unit 921 Is a data packet addressed to 
the CN 900 (step S24B: received packet}, the appli- 
cation layer 922 Is notified of the reception of a data 
packet in step S24C. so 

7. Providing Diff-Serv 

[0192] The Diff-Serv Is a servk» of performing pri- 
ority transfer control on a packet based on the TOS S5 
value of the header of each IP packet Therefore, it is 
necessary for the HA 200 and the FA 500 to hoM the 
Infomnatton about the IP packet priority transfer order 
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from each mobile node. 

[Q193] In the system according to the present 
Invention, each user can be provided with a packet pri- 
ority transfer service in the priority transfer order 
assigned to the user when he or she makes a contract 
with a provider. Practically, each user is assigned an 
NAI by a provider when a contract Is made. At this time, 
the provMer sets the TOS in the user profile of the serv- 
ice control database 300 as a packet priorrty transfer 
order. As shown in FIG. 21, the user profile can be set 
individually for transmission packets and received pack- 
ets. An address and a port can be combined in setting 
the profile. According to the embodiment, 'assured for- 
warding* is adopted as a method of provMing Diff-Serv. 
In addition, a user of the mobile node 600 does not 
specify an address or a port, but Is assumed to specify 
unconditional application of class 1 (highest priority 
dass) to all transmission/received packsts. 

B. Process sequenca of the system according to the 
present Invention 

[0194] The configuration and operatton of each of 
the AAA, HA, FA, and CN according to the present 
Invention are described above. Described below In 
detail Is the process sequence In an end-to-end (for 
example, a mobile node and the HA 200) process. 
[0195] FIG. 26 shows the registration sequence in 
the Initial step where the AAAH 100 assigns the HA 200 
aocon^ng to the registration request message from a 
mobile node (MN, SN). 

1. Upon receipt of an agent advertisement mes- 
sage (mobile IP message) transmitted from the FA 
500, the mobile node 600 recognizes that It is 
located in the communicattons area of the FA 500. 

2. When the mobile node 600 moves outside the 
communtoations area of the HA 200 managed by a 
contract provider of the mobile node, it issues a reg- 
istration request message from the current location 
to the FA 500 of the provider within the communk:a- 
tlons area. 

3. When the FA 500 receives the registration 
request message from the mobile node 600, it 
obtains a unique session ID^ and extracts neces- 
sary Infonnation (the home address of the mobile 
node 600, the source link layer address, the UDP 
source port, the home agent address, the Identifier 
field of a registratton request, and a lifetime) from 
the registration request message. According to the 
obtained session ID and the infonnation extracted 
from the reglstiation request message, the FA 500 
generates the service control transactton 530, etc. 
shown in FIG. 2 or 4. In addition, according to an 
AAA protocol, the FA 500 transmits the AMR 
(authentication request) message obtained by cap- 
suling the registration request message to the 
AAAF400. 
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4. Upon receipt of an AMR message from the FA 
500, the AAAF 400 extracts necessary information 
(a session ID, a care-of address) from the AMR 
message, and generates service control Infonna- 
tlon containing the service control transaction 420, 5 
etc. shown in FIG. 2 or 14. Furthermore, the AAAF 
400 obtains an address corresponding to the user 
NAI contained In the received AMR message, and 
determines the AAAIH 100 responsible for authenti- 
cation of the mobile node 600. The AAAF 400 then f 0 
transmits the AMR message to the AAAi-l 1 00. 

5. Upon receipt of the AMR message, the AAAH 
100 performs an authenticating process on the 
mobile node 600 according to the authentication 
procedure of the AMR message. When the mobile is 
node 600 can be correctly authenticated, the sub- 
sequent processes continue, liowever, if the mobile 
node 600 cannot be authenticated, then an AMA 
(authentication reply) message is returned to the 
AAAF 400 with an appropriate reason code set In 20 
the message. 

8.1 Dynamic assignment of an IHA 

[0196] When the value erf the address of the home 2S 
agent in the registration request message capsuled in 
the AMR (authentication request) message is 0 (zero), 
the AAAH 1 00 or the AAAF 400 dynamically assigns the 
HA 200. Whether the AAAH 100 or the AAAF 400 
assigns the HA, depends on the contract between pro- 30 
viders, the policy of the providers, or a contract with a 
user. 

[0197] The HA 200 can be a plurality of HAs In the 
same provider in order to distribute the traffic load. In 
this case, upon receipt of a request to assign the HA 35 
200. the AAAF 400 or the AAAH 100 searches the HA 
assignment table 412 or 112, selects an HA having the 
smallest assignment number, and Increments the corre- 
sponding registration number In the HA assignment 
table 412 (1 12). When a user directly specifies an i-IA. 40 
the registration number of the conwponding HA 
assignment table 412 or 112 Is incremented. On the 
other hand, when an explicit session release request 
(for example, a registration request in which the expira- 
tion value of the timer Is set to 0 (zero)) is received, 45 
when a session release request Is received, or when the 
session of the AAA expires, the registration number of 
the HA assignment table 412 or 1 12 Is decremented. 
[0198] When there is a difference In perfonnance 
between networit appliances provided in an HA, net- so 
woric appliance infbnnation (for example, the class Infor- 
mation, etc. about networic appliances, ate.) is set In the 
HA assignment table 412 or 1 12. By linking the Infonna- 
tlon to the service type of an authenticated user or the 
TOS value of the Diff-Serv extracted from the service 59 
profile table shown in FIG. 5 or 14, a specific user can 
be assigned by priority to the HA 200 having a high-per- 
formance or high-function router. In addition, the load 



can be appropriately distributed in consideration of the 
class information about each appliance unit of a piuraiity 
of HAS. For ocample, tiie load can be distributed 
depending on the rate of the ability of an appliance unit 

8.2 In a case where an AAAH specifies an HA 

[0199] The AAAH 100 searches the service control 
database 300 shown in FIG. 2 or 21 using the NAI of the 
mobile node 600 stored in the authentication request 
(AMR) message received from the AAAF 400 as a icey, 
and extracts a comesponding user profile. 
[0200] Then, It generates a service corrtroi transac- 
tion 120 (FIG. 18) from the session ID extracted from 
the authentication request (AMR) message, the source 
address in the AMR message, and the user profile 
obtained from tiie service control database 300, and 
specifies the HA 200 according to the above described 
procedure. 

[0201] The AAAH 100 retrieves only necessary 
infomnation tor tiie HA 200 from the above described 
user profile. For example, since the HA 200 does not 
require tiie Information about a transmission pacicet 
from a mobile node In the infbmiation defined as a user 
profile, tiie Infonnation is not retrieved. Then, the AAAH 
100 sets tiie infonnation retrieved from the user profile 
in tiie AVP of tiie DIAMETER protocol, and transmits 
the HAR (HA reglsb^tion request) message containing 
tiie AVP to ttie HA 200. The AVP of tiie DIAMETER pro- 
tocol is shown in FIG. 67. The information retrieved from 
tiie user profile is stored In, for example, the 'DATA' of 
tiieAVR 

[0202] Upon receipt of a HAR message, the HA 200 
extracts necessary Infonnation (a session ID, an HAR 
source address, a cars-of address, an Identifier field of 
a registration request, a lifetime, a service profile) from 
the message based on which service control transac- 
tion 230 shown in FIG. 5 Is generated as continoi infor- 
mation. Then, the destination address (home address) 
is set in the service control filter 225 of a router control 
unit 220 shown in FIG. 3 or 9. 

6. The HA 200 returns an HA registration reply 
message (HAA) to the AAAH 100. 

7. Upon receipt of the HAA message, the AAAH 
100 searches for tiie service control transaction 
120 shown In FIG. 1 8 using the session ID set in the 
message as a l(ey, and retrieves only the necessary 
Infonnation for the FA 600. Then, an authentication 
request (AMA) message, in which the retrieved 
Infonnation Is set in tiie 'AVP of the DIAMETER 
protocol. Is generated. The AMA message is tanans- 
mitted to the autiienticatlon request address (AAAF 
address) registered In the session transaction table 
shown in FIG. 18. 

Upon receipt of the AMA message, the AAAF 
400 searches the session transaction shoiwn in 
RG. 14 using the session ID set In the message as 
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a key, and transfers the AMA message to the 
obtained FA address. When there Is an agreement 
between AAAs (for example, between an AAAF and 
an AAAH), It Is possible to change a prior% transfer 
order based on the TOS value of a service control 5 
transaction. 

8.3 In a case where an AAAF specifies an HA 

[0203] The sequence set when the AAAF 400 spec- w 
ifies the HA 200 is described below by referring to FIG. 
26. Since the procedures 1 through 4 are the same as 
the procedure used when the AAAH 100 specifies the 
HA 200, the detailed explanation Is omitted here. 

15 

5. The AAAH 100 searches the sen/ice control 
database 300 shown in FIG. 2 or 21 using a 
received user NAl, and extracts a corresponding 
user profile. In addition, It generates the service 
control transaction 120 shown In FIG. 16 using the 20 
session ID and the source address from the 
received AMR message, and the user profile 
extracted from the service control database 300. 
The AAAH 100 sets all Infomnation extracted from 

the service profile in the AVP of the DIAMETER 25 
protocol, and transmits the authentication reply 
(AMA) message containing the AVP to the AAAF 
400. 

6. Upon receipt of the AMA message, the AAAF 
400 oonfinns the value of the home address In the 30 
message. If the value of the address is 0 (zero), 
then the service profile of the AMA message is set 

In the service control transaction 420 shown in FIG. 
14, and the HA 200 Is specified according to the 
above described procedure. The AAAF 400 sets In 35 
the AVP of the DIAMETER the necessary Infomia- 
tlon only for the HA 200 from the Information 
extr^ed from the service profile and stored in the 
AMA message. Then, the HA registration request 
(hlAR) message containing the AVP is tmnsmltted 40 
to the HA 200. 

Upon receipt of the IHAR message, the HA 200 
extracts necessary Infbmiation (a session ID, an 
HAR source address, a care-of address, a reglstre- 
tlon request Identifier field, a fifetlme, a service pro- 4b 
file) from the message, and generates the service 
control transaction 230 shown In FIG. 6. Then, the 
HA 200 sets the destination address (home 
address) In the service control filter 226 of the 
router control unit 220. so 

7. The HA 200 returns an HA registration reply 
(HAA) message to the AAAF 400. 

8. Upon receipt of the HAA message from the HA 
200, the AAAF 400 searches the service control 
transaction 420 shown In FIG. 1 4 using the session ss 
ID set in the message, and retrieves necessary 
Intbmnatlon fbr the FA 500. An authentication reply 
(AMA) message is generated with the retrieved 



Information set In the AVP of the DIAMETER proto- 
col, and the AMA message is transmitted to the KnA 
address at the head of the session transaction 
table. When there is an agreement between AAAs 
(for example, between an AAAF and an AAAH), the 
priority transfer order of packets can be changed 
based on the TDS value of service type Intomna- 
tion. 

TTius, in FIG. 25, the AAAH 100 selects an 
appropriate HA 200 and assigns it to a mobile node. 
However, in FIG. 26. the AAAF 400 selects an 
appropriate HA 200 and assigns it to a mobile node. 
That is, in the sequence shown in FIG. 26. the 
AAAH 100 returns the authentication reply (AMA) 
message to the AAAF 400 without trEmsmltting the 
HAR message to the HA 200, and the HA reglstre- 
tion request (HAR) message is transmitted from the 
AAAF 400 to the HA 200. The HA 200 returns the 
registration reply (HAA) to the AAAF 400. 

By dynamically specifying an HA as described 
above, the following merit can be obtained. For 
example, assume that a mobile node Is moved from 
Japan to the U.S., and the mobile node communi- 
cates with a correspondent node In the U.S. In this 
case, the mobile node Is accommodated by an FA 
in the U.5. If the HA of the mobile node is fixed In 
Japan, the traffic increases between the FA 500 
provided In the U.S. and the HA 200 provided In 
Japan, and data cannot be efficiently processed. 
Therefore. It becomes convenient if an HA operat- 
ing fbr the mobile node is specified in the U.S. when 
the mobile node Is moved to the U.S. and Its loca- 
tion is registered In the U.S. in the system accord- 
ing to the present Invention, to obtain the above 
described merit, an HA Is dynamically assigned 
When the location of the mobile node is registered. 
As a prefen^d embodiment, the HA 200 Is dynami- 
cally assigned in the same domain as the FA 500. 

6.4 Setting service control transaction infonnation In an 
FA 

[0204] Upon receipt of an authentication reply 
(AMA) message from the AAAF 400, the FA 500 
searches for the service control transaction 530 using 
the session ID con^pondlng to the nnessage, and a 
home address, an HA address, and a service profile 
provided by the AMA message are set in the sen^e 
control transaction 530 as shown In FIG. 4. A source 
address (home address) Is set In a service control filter 
526 of a router control unit 620. Then, the FA 500 trans- 
mits a registration reply message to the link layer 
address of the MN or SN Indicated by the service con- 
trol transaction 530 (9 shown in FIG. 25 or 26). 

8.5 Distribution of data packed 

P205] FIG. 27 shows the sequence of distributing a 
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data packet from the mobile node (MN, SN) 600 to the 
CN 900. 

(1) Default forwarding 

5 

[0206] In this embodiment, it Is assumed that the 
mobile node (MN, SN) 600 whose Initial location has 
been registered in the above described procedure com- 
municates with the con^pcndent node CN 900 con- 
nected to an IP networic In addition, It is assumed that io 
Diff-Serv is provided as a value-added service. 
[0207] TTie mobiie node 600 starts transmitting a 
data pacicet to the CN 900 (1 shown in FIG. 27). This 
packet is first received by the FA 500 accommodating 
the mobiie node 600. is 
[0208] Upon receipt of a pacicet from the mobile 
node GOO whose location has been registered, the FA 
500 searches the visitor list shown in FIG. 4 using the 
source address in the iP header of the packet because 
the source address of the packet Is registered in the 20 
service control filter 225 of the FA 500. Then, the serv- 
ice type (transmission of Dfff-Serv] In the service profile 
table to be linked to the visitor list in which the ebove 
described source address is set is searched for, and the 
relevant information set therein Is refenred to. In this 2S 
embodiment, It Is assumed that the policy for assign* 
ment of the assured fonwardlng dass 1 (highest priority 
level) is set as a TOS value to all packets transmitted 
from the mobile node 600. Therefore, the FA 500 sets 
the above described value as a TOS value of the IP 30 
header of the received packet, and transfers the packet 
to the destlnatton address Indicated by the IP header (2 
shown In FIG. 27). At this time, the FA 500 generates 
the binding cache 224 according to the edition Infomia- 
tlon at}out the packet. 3S 
[0209] Upon receipt of the data packet, the CN 900 
transmits the packet to the 'source address' stored In 
the packet (3 shown in FIG. 27). For example, the CN 
900 stores the information (for example, a Web page) 
spedfied by the mobile node 600 In the packet, and than 40 
transmits the packet 

[021 0] At this time, the address of the mobile node 
600 is set as the destination address of the packet 
transmitted from the CN 900. The address of the mobile 
node 600 Is managed by the HA 200. Therefore, the 45 
packet transmitted from the CN 900 is temporarily tians- 
ferred to the HA 200. At this stage, the binding cache 
924 has not been set In the CN 900. in addition, a cor- 
responding QoS (priority transfer control) Is not applied 
to the mobile node ^0. Upon receipt of the packet from so 
the CN 900, the HA 200 retrieves the servtee control 
transaction 230 shown in FIG. 5 using the destination 
address stored in the header of the received packet 
because the destination address of the packet Is regis- 
tered In the servtee control filter 225 of the HA 200. ss 
Then, the servne type (arrival of DIff-Serv) of the serv- 
ice control transactton in whteh the destlnatton address 
is registered, and the relevant setting Infbrmation is 



refemed to. In this embodiment, it Is assumed that the 
polk;y for providing the "assured fbrararding dass V of all 
packets addressed to the mobiie node 600. In this case, 
the HA 200 assigns the value con^esponding to the 
class 1 as a TOS value of all packets addressed to the 
mobile node 600. Practically, the HA 200 first capsules 
a packet receh^ed from the CN 900 using the care-of 
address of the mobile node 600 extracted from the serv- 
tee control transaction 230, assigns the TOS value to 
the header of the capsuled packet, and transmits the 
packet to the care-of address (4 shown in FIG. 27). In 
this case, the care-of address of the nmblle node 600 Is 
the address of the FA 500 directly accommodating the 
moblte node 600. The address of the FA accommodat- 
ing the mobiie node 600 has been transmitted to the HA 
200 according to the AMR message and the HAR mes- 
sage in the location registration procedure of the mobile 
node 600. 

[0211] Then, the HA 200 generates the binding 
cache 224 in which the header editten Informatten about 
die packet is set 

(2) Transfer of data packet by FA 

[0212] Upon receipt of the data packet capsuled by 
tiie HA 200, the FA 500 decapsules it (5 shown in FIG. 
27). Then, the FA 500 retrieves a oonnesponding link 
layer address from the servtee control transaction 530 
using the destinatten address erected from the header 
information about the decapsuled packet Then, the 
decapsuied data packet is tnansfenied to the extracted 
link layer address (6 shown In FIG. 27). 

(3) Route optimization 

[0213] When tiie HA 200 starts transffenlng to the 
FA 600 the data packet addressed to the mobile node 
600 after capsuling it the HA 200 notifies the CN 900 of 
the care-of address of the mobile node 600 using a 
binding update message to optimize the transfer route. 
Thus, the CN 900 can transmit a data packet directiy to 
the care-of address of the mobile node 600 after capsul- 
ing the packet. 

[0214] According to the present Invention, the CN 
900 can be notified of tiie currently applied TOS value 
by extending the binding update message (7 shovim In 
FIG. 27). In the information stored as a servtee profile of 
the service control transaction 230 shown In FIG. 5, the 
HA 200 notifies the CN 900 of the necessary Informa- 
tion only for the ON 900 because tiie information other 
than the TOS value to be added to a data packet 
addressed to the mobile node 800 is insignificant for the 
CN 900. Different policy relating to specific communica- 
tions can applied by the HA 200 to the communteations 
between the mobile node 600 and otiier conBspondent 
nodes. 

[0215] Upon receipt of the binding update mes- 
sage^ the CN 900 generates tiie binding cache 924 for 
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storing the home address, the care^f address, and the 
TOS value of the mobile node 600 obtained from the 
message. Thenp the CN 900 searches the binding 
cache 924 when ft transmits a packet If a home address 
matching the destination address set In the header of 5 
the packet has been registered, then the CN 900, like 
the HA 200, capsules the packet using the care-of 
address registered in the binding cache 924, and 
assigns the registered TOS value to the packet Then, 
the CN 900 transmits the packet to the care-of addrss& 10 
Ip216] Hereafter, the packet addressed to the 
mobile node 600 from the CN 900 Is transf^med directly 
to the FA 600 aocommocteting the mobile node 600 
according to the care-of address of the mobile node 600 
(8 shown In FIG. 27). Since the TOS value has been 15 
assigned also to the pacicet addressed to the mobile 
node 600 from the CN 900, the Diff-Serv service is pro- 
vided not only for the packet from the mobile node 600 
to the CN 900, but also for the packet from the CN 900 
to the mobi la node 800. 20 

(4) Transfening data packet by FA 

[0217] Upon receipt of the data packet capsuled by 
the CN 900, the FA 500 decapsules It (9 shown In FIG. 25 
27). The FA 500 also extracts the destination address 
from the header Infonnation of the decapsuled packet, 
and extracts a con^pondlng link layer address from the 
service control transaction 530. Then, the decapsuled 
data packet is transfemed to the extracted link Isyer 30 
address (10 shown In FIG. 27). 

8.6 in a case where a mobile node is moved from the 
communications area of an FA to the communteatlons 
area of another FA In the same AAAF (case 1) 3S 

[0216] FIG. 28 shows the locatnn registration pro- 
cedure used when a mobile node is moved from the 
communications area of an FA In an AAAF to the com- 
munications area of another FA. In the descrlptton 40 
below; a 'previous FA' refers to a foreign agent which 
had accommodated the mobile node 600 before the 
mobile node 600 was moved. A 'new FA' refers to a for- 
eign agent for accommodating the mobile node 600 
after the mobile node 600 has been moved. 45 
[0219] FIG. 29 shows tile sequence in a case 
where the mobile node 600 Is moved from the commu- 
nications area (a subordinate access network) of the 
previous FA to the communteations area of the new FA. 
In this case, the new FA obtains service profile Infomna- so 
tion, etc. from an AAA using a DIAIUETER message In 
the AAA protocol, and the pravtous FA deletes the serv- 
\ce control infonnation about the mobile node 600 man- 
aged and accommodated by the previous FA. 
[0220] FIG. 32 shows an example of the NAl regis- ss 
tration tMe used by an FA. FIG. 33 shows an example 
of die table based on whteh the IP address of an agent 
tstransfonmed Into an NAl prefix. 



[0221] The sequence set when the mobile node 
600 transmits a registration request message to per- 
Ibmn location registration Is described below by r^enlng 
to FIGS. 28 and 29. 

1. When the mobile node 600 is moved from the 
communications area of the previous FA to the 
communbations area of the new FA, and receives 
the agent advertisement message (mobile IP mes- 
sage) from tiie new FA, it transmits a registration 
request message to the new FA. At this time, The IP 
address of the previous FA and the NAl (networlc 
access identifier) of the mobile node 600 are 
Included in the registration request message. 

2. Upon receipt of the registration request mes- 
sage, the new FA extracts necessary Information 
from the message, and generates tiie servtee con- 
trol transaction 530, etc. shown In FIG. 2. In addi- 
tion, the new FA obtains the NAl prefix of the 
previous FA by referring to the NAl prefix table 
shown in FIG. 33 using die IP address of the previ- 
ous FA. The NAl prefix can identify, for example, a 
domain. Then, the new FA capsules the registration 
request message received from the mobile node 
600, and transmits It to the AAAF 400 as an authen- 
tication request (AMR) message. The AMR mes- 
sage contains the NAl prefix of the previous FA 500 
and the NAl of the mobile node 600. The session ID 
of the AMR message is assumed to be unentered. 

3. Upon rece^ of the AMR message, the AAAF 
400 generates a provisional session transaction 
table using the NAl of the mobile node 600 as an 
index, it obtains the address of the AAAIH 100 by 
referring to tiie NAl registration table, and transfers 
the AMR message to the AAAH 1 00. 

4. Upon receipt of the AMR message, tiie AAAH 
100 searches the control block for the con^espond- 
ing service profile (and tiie session ID) using the 
NAl of the mobile node 600 contained in the mes- 
sage as an index. When the comespondlng servne 
profile (and session ID) is found, the service profile 
(and the session ID) Is stored In the AVP of the 
DIAMETER message, and the registration request 
(HAR) message containing the AVP is transmitted 
to the HA 200. At this time, the AAAH 100 registers 
tiie HA 200 as necessary 

6. Upon receipt of the IHAR message, the HA 200 
retrieves the session transaction of the mobile node 
600 using the session ID as an Index, if the retrieval 
has resulted in a hit, the address of the new FA Is 
registered. When the location registering process Is 
completed, the HA 200 edits only necessary infor- 
mation for the new FA, and transmits a registration 
reply (HAA) message to the AAAH 1 00. At tills time, 
tiie HA 200 can store tiie necessary Infbmiation for 
the new FA in the AVP of the HAA message. 
6l Upon receipt of the HAA message, the AAAH 
100 retrieves the session transaction using the ses- 
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slon ID stored in the message, and transmits the 
authentication reply (AM A) message to the address 
of the new FA extracted by the retrieval. At this time, 
the AAAH 100 can store the necessary infonnation 
for the new FA In the AVP of the AMA message. 5 

7. Upon receipt of the AMA message, the AAAF 
400 extracts necessary service profile Infonnation, 
etc. from the message, and relays the AMA mes- 
sage to the new FA according to the service trans- 
action Information. At this time, necessary fa 
information for the new FA can be stored In the AVP 

of the AMA message transmitted to the new FA. 

8. Upon receipt of the AMA message, the new FA 
obtains necessary Information from the message, 
and transmits a binding update (MBU: MIP binding is 
update) message to the previous FA. 

9. Upon receipt of the MBU message, the previous 
FA deletes the service control information corre- 
sponding to the session ID stored In the message. 

in addition, when a routing table for use in transfer- so 
ring a message addressed to the mobile node 600 
to the new FA is set, an MBA (MIP binding acknowl- 
edge) message Is transmitted to the new FA. 

1 0. Upon receipt of the MBA message, the new FA 
recognizes that the service control infonnation has 25 
been deleted by the previous FA. 

11. The new FA decapsules the DIAMETER ele- 
ment, and transmits the registration reply message 
to the mobile node 600. 

12. Upon receipt of the registration reply message, 30 
the mobile node 600 recognizes that the process 
has been completed on the registration request 
message, and terminates a series of processes 
relating to the location registration. 

35 

8.7 In a case where a mobile node Is moved from the 
communications area of an FA to the communications 
area of anotiier FA in the same AAAF (case 2) 

[0222] The present embodiment relates to a case in 40 
which a home agent of tiie mobile node 600 Is specified 
by the AAAF 400. The sequence set when the mobile 
node 600 is moved from the communications area of the 
previous FA to the communications area of the new FA 
Is described below by refenring to FIGS 30 and 31. In 4s 
FIG. 31, 1 tiirough 3 refer to the same operations as In 
FIG. 29, and the descriptions of the operations are omit- 
ted here. 

4. Upon receipt of the AMR message from the so 
AAAF 400, the AAAH 100 searches the session 
transaction table using the session ID stored In the 
message, and registers the address of the new FA 
therein. Then, the AAAH 100 transmits the AMA 
message to tiie address of tiie AAAF 400 shown in ss 
the session transaction table. 

5. The AAAF 400 obtains a session transection 
table based on the of tiie mobile node 600 



stored In the AMA message. Then, It extracts the 
address of the HA 200 from the session transaction 
table, and transmits tiie registration request (IHAR) 
message to the HA 200. 

6. Upon receipt of the HAR message, tiie HA 200 
searches the session transaction table of the 
mobile node 600 using the session ID as an index. 
If the retrtevai results In a hit, the address of the new 
FA is registered therein. When the registering proc- 
ess is completed, tiie AAAH 1 00 edits only the nec- 
essary infonnation for the new FA, and transmits 
the registration reply (HAA) message to tiie AAAF 
400. At this time, the necessary information for the 
new FA can be stored in the AVP of the IHAA mes- 
sage. 

7. Upon receipt of the HAA message, the AAAF 400 
relays the AMA message to the Rft 500 according to 
the service tmnsaction Information. 

Since the subsequent processes (8 through 12 
shown In FIG. 31) are basically the same as the 
process sequence shown In FIG. 29, the descrip- 
tions are omitted hers. 

8.8 In a case where a mobile node is moved from the 
communications area of an FA managed by an AAAF to 
tiie communications area of an FA managed by anotiier 
AAAF 

[0223] The embodiment is described below by 
referring to FIGS. 34 and 35. in the descriptions below, 
a "previous AAAF refers to a foreign agent which man- 
ages the previous FA, and a 'new AAAF refers to a for- 
eign agent which manages the new FA. 

1 . The same as 1 shown in RG. 29. 

2. Basically the same as 2 shown in FIG. 29. How- 
ever, the new FA transmits an AMR message to the 
new AAAF 

3. Upon receipt of the AMR message, the operation 
of the new AAAF performs basicaily the same oper- 
ation as the AAAF 400 described above by refenring 
to 3 shown In FIG. 29. 

4. and 5. Basically tiie same as 4 and 5 shown In 
RG. 29. 

6. Upon receipt of the HAA message, the AAAH 
1 00 compares the NAI prefix of the new FA witii the 
NAI prefix of the previous FA. It Is assumed that 
they are different from each other, in this case, the 
AAAH 1 00 recognizes that the mobile node 600 has 
been moved from the communications area of the 
previous AAAF to the communications area of the 
new AAAF. The AAAH 1 00 generates an AMU mes- 
sage storing the MBU message, sets the IP 
address of the previous FA as the address of the 
AMU message, and transmits It to tiie previous 
AAAF 

7. Upon receipt of the AMU message, the previous 
AAAF deletes the service profile conesponding to 
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the session ID stored in the message, and transfers 
the AMU message to the previous FA. 

8. Upon receipt of the AMU message, the previous 
FA deletes the service profile coniesponding to the 
session ID stored In the message, and sets the 5 
routing tak>le for use In transferring the message 
addressed to the mobile node 600. The previous FA 
transmits the AMAo message to the previous AAAF 

9. Upon receipt of the AM Ac message, the previous 
AAAF recognizes that the service control Informa- w 
tton corresponding to the mobile node 600 has 
been deleted In the previous FA, and transmits the 
AMAc message to the AAAIH 1 00. 

10. Upon receipt of the AMAc message, the AAAIH 
100 extracts necessary service profile information, 15 
etc from the message, and relays the AMA mes- 
sage to the new AAAF according to the service 
transaction information. Then, upon receipt of the 
AMA message, the new AAAF transmits the AMA 
message to the new FA 20 

1 1 . The new FA obtains the DIAMETER element by 
decapsuling the AMA message, and transmits the 
registration reply message to the mobile node 600. 

12. Upon receipt of the registration reply message, 

the mobile node 600 recognizes that the location 25 
registering process has been completed, thereby 
tenninatlng a series of processes. 

8.9 Example of configuration of a network In anycast 
service 30 

[0224] An anycast service refers to a service In 
which a plurality of temninai devices are assigned to a 
preliminarily registered address, and a padcet for which 
the registered address Is set as a destination address is 35 
transferred to any of the plurality of tennlnal devices 
when rt is transmitted. The preliminarily registered 
address Is referred to as 'anycast address'. The policy of 
selecting one or more termir^ls from the piuredity of ter- 
minal units is determined such that the load can be 40 
evenly distributed to the terminal units, or the transmis- 
sion route of the packet can be the shortest 
[0225] FIG. 36 Shows an ANYCAST service. In this 
example, tennlnals 1 through 3 have made contracts to 
recehm anycast services. TTien, It is assumed that the 4s 
terminals 1 and 2 are moved to the communteatlons 
area of the service provider 1, and are accommodated 
by the FA 1, and the temiinal 3 is moved to the commu- 
nications area of the service provider 2, and is accom- 
modated by the FA 2. Described below is the sequence so 
set when the terminals 1 through 3 parttelpate (or are 
registered) in the anycast service. 
[0226] The anycast servtee provider for providing 
an ANYCAST service pubHshes some of the IP 
addresses owned by the provider as anycast 55 
addresses. The pubfished IP addresses are recorded 
automatically or by an operator In the anycast manage- 
ment table of the AAAH 100. Practicaliy; for exannple^ 



when a tennlnal requests to use a published anycast 
address, the NAI of the tenninal is set In the anycast 
address management table shown In FIG. 19. In this 
example, it Is assumed that the terminal 1 (NAI-1), the 
tennlnal 2 (NAI-2), and the terminal 3 (NAI-3) have 
requested to use '123.123.123.123' which is one of the 
anycast addresses. The terminals 2 and 3 are minor 
servers of the tennlnal 1 . 

8.10 Anycast registration sequence 

[0227] The sequence set when the terminals 1 
through 3 participate In the anycast servtee is described 
below by refen^lng to FIG. 37. 

(1) Terminal 1 participating ANYCAST 

ip228] 

Procedures 1 through 3: Terminal 1 (mobile node) 
recognizes its own k)cation by receiving an agent 
advertisement message (mobile IP message) perl- 
odk^lly transmitted from a home agent (l-iA) or a 
foreign agent (FA). In this example, upon receipt of 
the message from the FA 1 , the tennlnal 1 recog- 
nizes that It is located In the communteations area 
of the FA 1. At this time, the tennlnal 1 transmits a 
registration request message to the FA 1 according 
to the ordinary mobile IP procedure. In the registra- 
tion request message, the NAI, the home address 
(ANYCAST address), and the home agent address 
specified when the user of the terminal 1 makes a 
contract with a service provider are set Then, upon 
receipt of the registration request message, the FA 
1 capsules the message, and tranOTihs it to an 
AAAH as an authentication request (AMR) mes- 
sage. 

Procedure 4: Upon receipt of tiie AMR message In 
the predetermined process, the AAAH performs an 
authenticating process on the user (terminal 1) who 
Issued the registration request 
Procedure 5: The AAAH chedcs whether or not the 
home address notified through the AMR message 
is an anycast address by referring to the anycast 
address management table. If the notified address 
Is not an anycast address, an ordinary registration 
procedure Is performed. On the other hand. If the 
notified address Is an anycast address, then It is 
confirmed whether or not the NAi of the user (termi- 
nal 1) who Issued the registration request has been 
registered. If It has not been registered, the request 
is rejected, and an authentication reply (AMA) mes- 
sage in which an emor code Indicating a user who 
has not been registered is set Is returned to the FA 
1. On the other hand. If the NAI has been regis- 
tered, the state of the corresponding NAi In the any- 
cast address management table is rewritten into 
'ONLINE'. Then, the AAAH sets the service profile 
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extracted from the eervioe oontrol transaction 120 
In the AVP of the DIAMETER message, and trans- 
mits the HA reglstrertion request (HAR) message 
storing the AVP to the HA. In addftlon. It sets a serv- 
ice type (ANYCAST) In the service profile table of 5 
the service control transaction 120. 
Procedure 6: Upon receipt of the HAR message, 
the HA extracts necessary Information (a session 
ID, an HAR source address, a care-of address, a 
registration request Identifier field, a lifetime, and a 10 
service profile) from the message, and generates a 
service control transaction shown In FIG. 5. At this 
time, the ANYCAST Information about the service 
profile Is not set in the service control transaction 
230. but In the ANYCAST address binding table is 
212 shown in FIG. 3. A source address (any cast 
address) Is set In the service control filter 225 of the 
router control unit 220. Furthermore, the IHA returns 
the HA registration reply (HAA) message to the 
AAAH. 20 
Procedure 7: Upon receipt of the HAA message, 
the AAAH searches for the seivloe control transac- 
tion 120 using a session ID. At this time, if the serv- 
ice type (ANYCAST) has been registered In the 
service profile shown in FIG. 1 8, then the 'NAi' hav- 25 
ing the same care-of address as the FA 1 to which 
the mobile node (tennlnal 1) Is linked about the any- 
cast address from the anycast address manage- 
ment table, and the 'STATE* are set in the AVP of 
the DIAMETER message. Then, the authentication 30 
reply (AMA) message storing the AVP Is transmit- 
ted to the address (AAAF 1) of the source of the 
authentication request Indicated by the service con- 
trol transaction 120. 

Procedure 8: Upon receipt of the AMA message, 3S 
the AAAF 1 searches for the service control trans- 
action 420 using a session ID, and relays the AMA 
message to the FA address registered In the ses- 
sion transaction table shown In FIG. 14. 
Procedure 9: Upon receipt of the AMA message 40 
from the AAAF 1, the FA 1 accesses the service 
control transaction 530 using a session ID, and sets 
the home address, the home agent address, and 
the service profile received from the AMA message. 
At this time, the ANYCAST Infomnation Is not set In 45 
the service control transaction 530, but is set In the 
anycast address binding table 212. in adcfitkin, the 
destination address (anycast address) Is set in the 
service control filter 225 of the router control unit 
520 shown In FIG. 9. The FA 1 transmits a reglstra- so 
tlon reply message to the link layer address of the 
terminal 1 set In the service control transaction 530. 

(2) Tennlnai 3 parttelpating In ANYCAST 

ss 

[0229] T>ie registration procedures (procedures 10 
through 1 8) of the tenmlnal 3 are basically the same as 
the above described registration procedures (proce- 
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dures 1 through 8) of the terminal 3. However, the regls- 
faBtion request message transmitted from the terminal 3 
is received by the FA 2, the AMR message transmitted 
by the FA 2 is transferred to the FA 2 through the AAAF 
2, and a registration reply message is transmitted from 
the FA 2 to the terminal 3. 

[0230] If an anycast address contending to the 
terminal 3 has already been registered when the AAAH 
sets the Information about the terminal 3 in the ANY- 
CAST address binding table 212 shown In Fig. 6, then 
the Information about the terminal 3 Is unconditionally 
ovenmitten (or added). 

(3) Tenfninal 2 participating in ANYCAST 

[0231] The registration procedures (procedures 19 
through 27) of the temiinal 2 are basically the same as 
the above described registration procedures (proce- 
dures 1 through 9) of the tennlnai 1 . 

8.1 1 Distribution of packet to anycast address 

[0232] FIG. 38 shows the sequence of distributing a 
packet to an anycast address registered in the proce- 
dure shown In FIG. 37. In this example, users A through 
C transmit packets to an anycast address for example, 
(123.123.123.123). 

[0233] An anycast address is an IP address whldi 
belongs to the HA shown in FIG. 36. TTie anycast 
address Is assumed to be registered In the service con- 
trol filter 225. Therefore, when a packet in which the 
anycast address Is set Is transmitted to the IP network, 
the packet Is temporarily transferred to the HA, Is picked 
up by the service control filter 225, and then receives a 
predetermined process by the HA. Described bek^w Is a 
practical example. 

Procedure 1: When the user A transmits a data 
packet In which an anycast address Is specified as 
a destlnatksn address, the packet is transferred to 
the HA 

Procedure 2: Upon receipt of the pacl«t from the 
user A, the HA checks whether or not the destina- 
tion address of the packet has been registered in 
the service control filter 225 (shown In FIG. 9) of the 
HA In this example, it Is assumed that the destina- 
tion address has already been registered In the 
service control filter 225. in this case, the HA 
searches the anycast address binding table 212 
shown in FIG. 6, and detemnines whether or not the 
destination address of the receh^ packet has 
already t>een registered as an anycast address. In 
this example, the destination address Is assumed 
to have been registered. In this case, the HA 
selects an address according to the 'ANYCAST 
ADDRESS SELECTION POLICY* stored In the 
anycast address binding table 212. in this example, 
It Is assumed that the selection policy to cydk^liy 
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select In the order of registration a terminal whose 
state Is 'ONLINE' from among the terminals (NAI) 
registered In the anycast address binding table 212 
shown In FIG. 6. Here, It is assumed that the tennl- 
nals 1 through 3 (NAi-1 through NAI-3) have been 5 
registered in the procedure shown in FIG. 37. and 
their state are "ONLINE. In this case, for example, 
the temilnal 1 (NAi-1) is selected. 

The HA generates the binding cache 224 (FIG. 
8) to prevent a pacicet having the same source 10 
address from being transferred to a different server 
during the process. The binding cache 224 Is gen- 
erated based on the combination of a source 
address and a destination address. A packet having 
the source address and the destination address 15 
registered In the binding cache 224 is transferred to 
the same destination address until the binding 
cache 224 Is deleted. An appropriate lifetime value 
is set In the binding cache 224, and the setting is 
released if a predetennined time (for example, the 20 
expiration of a timer) elai^ses. 
Procedure 3: The service control transaction 230 Is 
retrieved using the 'NAl-1 ' selected In the procedure 
2, and the care-of-address (FA 1 in this case} of the 
tenrtinai 1 is extracted. Then, the pacl(et received 25 
from the user A is capsuled, and is transmitted to 
the care-of-address. 

Procedure 4: Upon receipt of the paclcet transmitted 
from the IHA, the FA 1 decapsules IL The destina- 
tion address of the decapsuied pacl(et is the any- so 
cast address specified by the user A. The anycast 
address Is registered In the service control filter 225 
of the FA 1 , and the temiinais 1 and 2 are registered 
in the anycast address binding table 212 corre- 
sponding to the anycast address (procedures 8 and 3B 
28 shown In FIG. 37). In the FA 1 , It is assumed that 
the 'ANYCAST ADDRESS SELECTION POLICV 
of the l-IA is defined. Ther^ore, upon receipt of the 
pad(0t, the FA 1 selects the tenninai 1 (NAI-1) 
according to the selection policy. Uke the HA, the 40 
FA 1 also generates the binding cache 224. 
Procedure 5: The FA 1 retrieves the service control 
transaction using the 'NAi-1 ' selected in the proce- 
dure 4, extracts a con'esponding link layer address 
(for example, a MAC address), and transmits the 45 
packet to the link layer address. 

Described below Is the case In which the user 
B transmits a packet to the anycast address. 
Procedure 6: The packet is transferred to the HA. 
Procedure 7: Upon receipt of the packet, the HA so 
searches the binding cache 224 of the router con- 
trol unit 220. At this time, it Is assumed that the 
source address (user B) of the received packet has 
not been registered in the binding cache 224. in this 
case, the HA selects the next terminal (NAI) from ss 
the anycast address binding table 21 2 according to 
the above described selectton policy. In this exam- 
ptep the tenninai 2 (NAI-2) is selected. At this time^ 



a binding cache associating the user B with the ter- 
minal 2 Is generated. 

Procedure 8: The HA retrieves the servtee control 
transactton 230 using the 'NAi-2' selected In the 
procedure 7, and extracts the care-of-address (FA 1 
in this example) of the terminal 2. Then, the HA 
capsules the packet received from the user A, and 
transmits it to the care-of-address. 
Procedures 9 and 10: As In the above described 
procedures 4 and 5, the FA 1 selects the 'NAl-2* 
from the anycast address binding table, and trans- 
fers the packet to the tenninai 2. 

The sequence (procedures 11 through 15) of 
the user C transmitting a packet to the above 
descrit>ed anycast address Is bask»lly the same as 
the sequence In the procedures 1 through 5 or the 
procedures 6 through 10. However, It is assumed 
that the HA selects the terminal 3 (NAI-3) as the 
destination of the packet transmitted from the user 
C. In this case, the HA transmits the packet to the 
FA 2 accommodating the tenninai 3. Only the termi- 
nal 3 (NAI^) has been registered as a tenninai cor- 
responding to the anycast address In the anycast 
address binding table of the FA 2 of the provider 2. 
Therefore, the FA 2 mctracts a corresponding link 
layer address by retrieving the servk^e control trans- 
action using the 'NAI-3'. and transmits the packet to 
the link layer address. Thus, in the system accord- 
ing to the present invention, an ANYCAST sennce 
can be provided over a plurality of provMers. in 
addition, since an address Is selected using a NAI 
off a mobile node, a consistent policy can be applied 
between an HA and an FA although there are a plu- 
rality or ANYCAST registration terminals In the 
same FA. 

B.12 Packet filtering in HA 

[0234] The restriction and rejection of the transfer of 
a data packet according to the present invention Is 
described below by refeirlng to FIG. 39 using an exam- 
ple of accessing a provkier (coniespondent node 900 
(ON)) unintentionally specified for restriction by a mobile 
node whose Initial location has been registered while it 
Is enjoying the World WMe Web surfing. 

1. The mobile node (MN, SN) 600 transmits pactet 
data for access to the Worid Wide Web to the CN 
900. 

Z Upon receipt of the packet, the FA accommodat- 
ing the mobile node extracts the source address 
and the destination address of the packet from Hs 
header, and checks whether or not the addresses 
have been set in the binding cache 224 (FIG. 8) or 
the service control filter 225 (FIG. 9). In this exam- 
ple, It is assumed that these addresses have not 
been registered. In this case, the FA refers to the 
routing table 223 (FIG. 7), and tnansfere tiie packet 
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to the destination address (CN 800) indicated by 
the header. 

3. Upon receipt of the data packet, the CN 900 
returns a reply message in response to the mes- 
sage stored in the pacltet For example, upon s 
receipt of the data paclcet, the Web server (CN 800 

in this example] transmits the data packet as a reply 
message to the source address (mobile node ^0) 
of the paclcet. The reply message is transferred to 
the IHA. In this example, It Is assumed that the des- io 
tination address of the reply massage has not twen 
registered in the binding cache 224 In the ON 900. 

4. The HA receives the data paclcet addressed to 
the mobile node 600 as a destination address, in 
this example, it Is assumed that the destination is 
address of the paclcet has been ragistared in the 
service control filter 225 (FIG. 9). In this case, the 
sen/lce control transaction table (FIG. 5) is 
searched using the destination address of the 
paclcet When the service control transaction corrs- 20 
spending to the address has been detected, the 
service typo packet filtering of the service profile is 
searched to refer to the setting inlbrmation. Since 
there is only one address set to be restricted in this 
embodiment, the source address of the received 2S 
packet is compared with the restriction address. At 
this time, if these addresses match each other, then 

the received packet Is rejected (or discarded). If 
they do not match each other, then the received 
packet Is capsuled using the care-of -ad dress of the 30 
mobile node extracted from the service control 
transaction mobility binding table, and the capsuled 
packet Is transferred to the FA Indicated by the 
care-of-address. 

35 

9. Home agent having the function of foreign agent 
9.1 Explanation of operations 

[0235] In the existing common mobile IP network, 40 
there are normally a home agent (hiA) and a foreign 
agent (FA) Ibr a mobile node. When the mobile node is 
moved from the communications area of a home agent 
to the oommunteations area of a foreign agent distant 
from the home agent, a mobility binding table is gene^ 4s 
ated for the home agent in the tocatlon registration pro- 
cedure, and a visitor list Is generated for the foreign 
agent At this time, the infomiation for transfer of a 
packet addressed to the mobile node to the foreign 
agent acconvnodating the mobile node Is registered In so 
the mobility binding. On the other hand, the information 
for transmitting a packet, whteh Is from the home agent, 
to the mobile node Is registered in the visitor list 
[0236] However, when a mobile node Is located in 
the conrvnunlcations area of a home agent in the exist- ss 
ing common mobile IP network, the mobile node is con- 
nected to the home agent not through the sequence 
according to the mobile IP protocol, but through the 



sequence of, for example, a l-AN protocol, etc. There- 
fore, in this case, the mobile node is connected to tha IP 
network without perfonrtlng the authenticating process, 
etc. by the AAA. 

[0237] In the nrwblle communications service sys- 
tem described below, a home agent has the function of 
a foreign agent A function of a foreign agent* refers to 
the function of a foreign agent provkled in an eidsting 
common mobile IP network, and the function of a for- 
eign agent according to the present invention described 
above by referring to FIGS. 1 through 39. That is, the 
home agent according to the present embodiment has 
the function of generating a visitor list as necessary, the 
function of requesting an AAA to autiienticate tiie 
mobile node for location registratton, and the function of 
receiving service profile infonnation from the AAA for 
servtoe profile, and controlling the communlcattons of 
tiie mobile node according to the received service pro- 
file infonnation. 

[0238] in addition, It is necessary to add the follow- 
ing function to tiie AAAH when a home agent Is 
assigned the above described functions of a foreign 
agent That Is, upon receipt of a message relating to the 
locatton registration request of the mobile node from the 
home agent, the AAAH performs the authenticating 
process, etc. as In ttie procedure of receiving a mes- 
sage about the locatton registration request from a for- 
eign agent, and returns a reply message to the home 
agent The 'procedure of receiving a message relating 
to a kxiation registration request from a foreign agent* is, 
for scample, a procedure prescribed by the RFC 2002 
and the DIAMETER mobile IP extension. Furthermore, 
ttie AAAH has the function of sending service profile 
Information to a home agent when the reply message is 
returned. A method of sending the service profile Infor- 
mation to a home agent can be a method using an reg- 
Istratton request (HAR) message^ and a method using 
an autiientlcation reply (AMA) message. 
[0239] FIG. 40 shows an example of a service con- 
trol fa^nsactk^n generated In a home agent The servbe 
control transaction can be obtained by adding a 'VISI- 
TOR USr and a 'FA SERVICE PROFILE to the servbe 
control transaction 230 shown in FIG. 5. in addition, a 
pointer pointing to a leading address of the visitor list, or 
ttie Infomiation having an equivalent function Is set In 
ttie control block. 

[0240] The method of generating a visitor list Is the 
same as ttie method used In an existing foreign agent. 
The home agent and the foreign agent basteally have 
ttie same configurations. That is, these agents function 
as home agents to a specific mobile node, and function 
as foreign agents to other mobile nodes. Therefore, the 
procedure of generating a visitor list in a home agent 
can be the procedure used in a foreign agent. 
[0241] The 'FA SERVICE PROFILF Is ttie Informa- 
tion extracted from the service control database 300 by 
ttie AAAH. The 'FA SERVICE PROFILE' Is stored In, for 
Gcample, the AVP of ttie message of the DIAMETER 
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protocoi, and Is sent from the AAA to a home agent At 
this time, the 'FA SERVICE PROFILE can be sent 
together with the 'HA SERVICE PROFILE, or can be 
Individually sent The 'HA SERVICE PROFILE Is the 
same as, for example, the Inlbrmalton sent using a HAR 
message as shown In FIG. 25. 
[0242] FIG. 41 13 a flowchart of the operations of a 
mobile agent (including an HA and a foreign agent). The 
flowchart shows In detail the steps 81 64 and SI 65 in 
FIG. 10. Therefore, the process Is perfomned by the 
service control unit 210 when the home agent or the for- 
eign agent receives a protocol packet In explaining this 
flowchart, FIGS. 25 and 26 described above, and FIGS. 
48 and 49 described below are referred to. 
[0243] Described below Is the operation performed 
after specifying a received message by analyzing the 
header Infomnatlon about a received packet In step 
S500. 

(1) When a registration request message is received 
(an authenticalion request Is contained) 

[0244] The sequence is performed when a registra- 
tion request message Is received from a mobile node. 
When a registration request message is received, con- 
trol Is passed to 8501. In FIGS. 25 and 26, the foreign 
agent receives a Feglstratlon request message. In FIGS. 
48 and 49, the home agent receives a registration 
request message. The forniat of a registration request 
message Is shown in FIGS. 57 through 61 . 
[0245] In step 8501 , it is checked whether or not the 
*MN-AAA AUTHENTiCATION' shown in FIG. 61 is set In 
the extension area of the received registration request 
message, if the 'IVIN-AAA AUTHENTICATION' has been 
set, then it is detennined that a request to authenticate 
the mobile node has to be issued to the AAA, and con- 
trol is passed to step S502. If it has not been set, then 
control is passed to step S509. The mobile node 
requests to perform an authenticating process for the 
first iocatton registration, and does not request to per- 
fomi the process for the subsequent locatnn registia- 
tion. In this example, it Is assumed that the 'MN-AAA 
AUTHENTICATION' has been set in the extension area 
of the registration request message. 
[0246] in step S502, an AiUR message in response 
to the received registration request message Is gener- 
ated. The format of the AMR message is shown in FIG. 
70. 

[0247] In step S503, It Is determined whether or not 
the network prefix of the 'IS^N-NAi' contained In the 
extenston area of the registration request message 
shown in FIG. 59 is a prefix In Its own domain. The 
'PREFIX' comesponds to the domain name of an IP 
address. In tills case, tiie 'NETWORK PREFIX OF MM- 
NAI' corresponds to the domain to which the mobile 
node belongs, and the 'PRERX OF fTS OWN DOMAIN' 
con-esponds to the domain managed by the home agent 
or the foreign agent recehflng the registration request 



message. When these prefixes match each other, con- 
trol Is passed to step S504. When they do not match 
each other, control Jumps to step S507. in this ecamplep 
It is assumed that the prefixes match each other. 

5 [0248] in step S504, the 'HA-AAA REQUEST AVP* 
Is added to the AMR message. The 'HA-AAA 
REQUEST AVP' Is an AVP suggested by the present 
Invention, and has the format shovm in FIG. 69. The 
value of an AVP code is assigned by an lANA (Internet 

10 assigned number authortly) by a vendor of the system. 
The data division Is a 32-bit integer. 
[0249] In step S505, the procedure of communicat- 
ing with the AAA server is determined. Available com- 
munications procedures can be a normal procedure 

15 shown in FIG. 48, and a slmpPified procedure shown in 
FIG. 49. Which procedure Is to be selected depends on 
an installed protocol process. If both procedures can be 
selected, the control poficy of the mobile agent selects 
the procedure. 

20 [0250] When the normal procedure is selected, "0 
(zero)' is set In step S506 in the data division of the 'HA- 
AAA REQUEST AVP shown In FiG. 69. When the sim- 
plified procedure Is selected, 'V is set in the data divi- 
sion of the 'HA-AAA REQUEST AVP in step S508. 
25 [0251] in st^ S507, necessary infonnation (the 
home address^ the source link layer address, the UDP 
source port, the home agent address, the Identifier field 
of the negistration request, and the lifetime) Is extracted 
from the received registration request message, and a 
30 visitor list for the mobile node Is generated. 

[P252] In the above described process, an AMR 
message to be transmitted to the AAAH and a visitor list 
for the mobile node are generated also in the home 
agent which has received the registration request mes- 
as sage from the mobile node. 

(2) When a registration request message Is received 
(an authentication request Is not contained) 

40 [0253] The sequence Is performed when a registra- 
tion request message not containing an authentication 
request is received from the mobile node. In this case, 
since the 'MN-AAA AUTHENTICATION' is not set in the 
extension area of the received registration request mes- 

46 sage, the processes in and after step S509 are per- 
fomned as a result of the branch process In step S501 . 
[0254] In step 8509, the 'HA ADDRESS (home 
agent)' set In the received registration request message 
Is compared with the domain address of the agent 

so which received the message. When they do not match 
each other, control Is passed to step S51 0, and the 
agent which received the registration request message 
from the mobile node functions as a foreign agent. If the 
compared messages match each other, then control Is 

55 passed to step S51 1 , and the agent which received the 
registration request message from the mobile node 
functions as a home agent. 

[0255] In step S510, an AMR message to be trans- 
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mltted to the home agent Is generated. Then, In step 
S507, a visitor list is generated. 
[0^6] In step S51 1 , a registration reply message to 
be returned to the mobile node Is generated. Thefbnnat 
of the registration reply message Is shown in FIG. 62. in s 
step S512, the 'CARE-OF ADDRESS' set in the 
received registration request message is compared with 
the domain address of the agent which received the 
message. When they match each other, It is recognized 
that the received message has been transmitted from io 
the mobile node, and control is passed to step S507. On 
the other hand, when the two addressed do not match 
each other, It is recognized that the received message 
has been transmitted from a foreign agent, and control 
is passed to step 8513. Then, in step S513, the care-of is 
address, the registration request identifier field, and the 
lifetime are extracted from the received registration 
request message, and a mobility binding table is gener- 
ated. 

[0257] In the above described process, an AMR 20 
message to be transmitted to the AAAiH, and a mobility 
binding table or a visitor list for the mobile node are gen- 
erated also In the home agent which received the regis- 
tration request message transmitted from the mobile 
node. 2S 

(3) When a registration reply message is received 

[0258] TTie sequence Is perfomned after the foreign 
agent or the home agent has received an AMA mes- 30 
sage and has generated a registration reply message to 
be transmitted to a mobile node according to the 
received message. Practically, in step 8514, the regis- 
tration reply message shown in FIG. 62 is generated. 
Then, control is passed to step S507. 3S 

(4) When a HAR message is received 

[0259] The sequence is performed when a HAR 
message Is received from an AAA. When the HAR mes- 40 
sage is received, control is passed to step 851 5. in 
FIGS. 25 and 48, the home agent receives the HAR 
message from an AAAH. In FIG. 26, the home agent 
receives the HAR message from an AAAF. In the 
sequence shown in FIG. 49, a HAR message is not 45 
used. The fomnat of the HAR message is shown In FIG. 
71. 

[0260] In step 8515, an HAA message is gener- 
ated. The format of an HAA message is shown in FIG. 
73. The HAA message is transmitted from the home so 
agent to the AAAH In RGS. 25 and 46, and is transmit- 
ted from the home agent to the AAAF in FIG. 26. No 
HAA messages are used In the sequence shovm in FIG. 
48. 

[0261] In step 851 6, the user profile Infonnatlon set ss 
in the data division of the 'PROFILE-CACHE AVP' of the 
HAR message Is set in the service profile division of the 
service control transaction. The 'PROFILE-CACHE 



AVP' Is an AVP suggested by the present invention, and 
its fomiat Is shown In FIG. 68. The service profile divi- 
sion of the service control transaction Is shown In FIG. 
40. TTie value of an AVP code Is assigned by the above 
described lANA, or the vendor of the contmunlcations 
service. The data division is a structure olatalned by 
copying a part of the user profile of the service control 
database shown in FIG. 21. 

[0262] In step 851 7, the care-of address of the reg- 
istration reply message set in the data division of the 
■MIP-REGISTRAriON-REQUEST AVP' of the received 
HAR message is compared with the domain address of 
the home agent which has received the HAR message. 
[0263] When these addresses do not match each 
other, it Is recognized that the received HAR message 
has been transmitted from a foreign agent, and the 
care-of address, the registration request Identifier field, 
and the lifetime are extracted from the registration 
request message, and are set in the mobility binding In 
step S51B.Then, instep S518, the service filter for Iden- 
tifying a packet to be controlled is set according to the 
service control Information assigned by an AAA using 
the HAR message. 

[0264] On the other hand, if the two addresses 
match each other, step S516 is omitted, and control is 
passedto step 8519. 

{5} When an AMA message Is received 

[0265] The sequence is performed when an AMA 
message is received from an AAA. When an AMA mes- 
sage is recehred, control Is passed to step S520. The 
AMA message is transmitted from an AAAH to a foreign 
agent in FIG. 25, from an AAAF to a fbrelgn agent In 
FIG. 26. and from an AAAH to a home agent in FIGS. 48 
and 49. The fomfiat of the AMA message Is shown in 
FIG. 72. 

[0266] in step 8520, a registration reply message to 
be returned to a mobile node which has transmitted a 
registration request message Is generated. The fomiat 
of the registration reply message is shown in FIG. 62. 
[0267] In step S521 , the user profile infonmation set 
in the data division of the PROFILE-CACHE AVP' of the 
received AMA message is set in the service profile divi- 
sion of the service control transaction. The 'PROFILE- 
CACHE AVP' and the service profile division have been 
described above by referring to the process In step 
8516. 

[0268] in step S524, a service filter for Identifying a 
paclcet to be controlled is set according to the service 
control Information notified by the AAA. Then, the proc- 
ess In step S507 Is perfonned. 

(6) When an MBU message is received 

[0269] The sequence Is performed when an MBU 
(binding update) message to be transmitted and 
received between fbreign agents is received. The MBU 
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message is normally transmitted from a new FA to a 
previous FA as described above by refaning to RG. 29 
or 31 . The rormat of the MBU message Is shown In FIG. 
63. 

[0270] In step S522, an MBA message to be 5 
returned to the foreign agent which has transmitted the 
MBU message is generated. The fomiat of the MBA 
message Is shown In FIG. 64. in step S523. the binding 
cache shown In FIG. 8 is updated according to the Infor- 
mation notified by the MBU message. io 
[0271] FIG. 42 is a table showing the correspond- 
ence b^ween the received message and the service 
control transaction In the process flow shown In FIG. 41 . 
The table shows the Infbrmatlon to be set In the service 
control transaction aocording to the type of the received is 
message and the address set in each message. 
[0272] FIG. 43 Is a table showing the correspond- 
ence behveen the received message and the transmis- 
sion message in the process flow shown In FIG. 41 . The 
table shows the type and the destination of the trans- 20 
mission message aocording to the type of the received 
message and the information (an address, Infomiatlon 
stored in an extension area, etc.) set In the received 
message. 

[0273] FIG. 44 is a flowchart of the operations of an 25 
AAAH. The flowchart shows steps S22E and S22F 
shown in FIG. 22 In detail. Therefore, the process is per- 
formed when the AAAH receives a message of the 
DIAMETER protocol. In explaining the flowchart, FIGS. 
25 and 26 described above, and FIGS. 48 and 49 ao 
described later are referred to as necessary. 
[0274] Described k>eIow are the operations per- 
formed after specifying a received message by analyz- 
ing the header infomnation about a received pacl«t In 
step S600. 38 

(1) When an AMR message Is received (request from a 
home agenQ 

[0275] The sequence Is performed when an AMR 40 
message is received. When an AMR message Is 
received, control is passed to step S601. The AMR 
message Is transmitted from an AAAF In FIGS. 25 and 
26. and is transmitted from a home agent In FIGS. 48 
and AB. The fomiat of the AMR message Is shown In 46 
FIG. 70. 

[0276] in step S601 , It Is checked whether or not the 
received AMR message Is assigned the 'IHA-AAA 
REQUEST AVP. The 'HA-AAA REQUEST AVP Is an 
AVP assigned by a home agent in step 8504 In the flow- 50 
chart shown In FIG. 41 . When the AVP Is assigned, con- 
trol Is passed to step S602. When the AVP Is not 
assigned, control Is passed to step S608. 
[0277] in step S602, the value of the data division of 
the -HA-AAA REQUEST AVP assigned to the received 55 
AMR message is checiced. When "0 (zero)' is set in the 
data dtvlslon, control Is passed to step S603. When '1 ' Is 
set, control is passed to step S605. The data division of 



the 'IHA-AAA REQUEST AVP' Is set by the home agent 
In step S506 or S508. That Is. the AAAH perfonns the 
normal procedure (steps 3603 and S604) when '0' Is set 
In the data division, and performs the simpilfied proce- 
dure (steps S605 through S607) when 'V is set therein. 
[0276] In step S603, an HAR message to be trans- 
mitted to the home agent Is generated. The HAR mes- 
sage generated In step S603 is used in the sequence 
shown In FIG. 48. The fomnat of the HAR message Is 
shown in RG. 71. 

[0279] In stop S604. the 'PROFILE-CACHE AVP' Is 
added to the HAR message generated In step S603. 
The 'PRORLE-CACHE AVP' can be obtained by 
retracting only the profile to be set In the home agent 
from the service profile of the service control transac- 
tion. It Is assumed that the infonnation akiout to which 
one or more service profiles stored In the service control 
transaction are to be distributed, a foreign agent or a 
home agent, is predetermined. Basically, the service 
profile for a service to be applied to a transmission 
padcet is distributed to a foreign agent, and the service 
profile for a ser^ce to be applied to a received packet Is 
distributed to a home agent 

[0280] In step S6D5, an AMA message to be trans- 
mitted to a home agent is generated. The AMA mes- 
sage generated in step S605 Is used in the sequence 
shown In FIG. 49. The format of the AMA message Is 
shown In RG. 72. 

[0281] In step S806, the 'PROFILE-CACHE AVP Is 
added to the AMA message generated In step S605. in 
this process, a service profile to be distributed to a 
home i^ent Is added to the AMA message. Then, in 
step S607. the service profile to be distributed to a for- 
eign agent Is also added to the 'PROFILE-CACHE AVP* 
of that AMA messe^e. The service profile to be disto'b- 
uted to a foreign agent is extracted from the service pro- 
file of the service control transaction. 
[0282] Thus, in the simplified procedure, the service 
profiles to be used by a home agent and a fore'^n agent 
are stored in the AMA message transmitted from the 
AAAH to the home agent 

(2) When an AMR message Is received {request from 
an agent other than a home agent) 

[0283] When an AMR message not assigned the 
'HA-AAA REQUEST AVP Is receded, the processes In 
and after step S60d are performed, in step S60d, it Is 
checked whetiier or not the 'HA ADDRESS (FIG. 18}' 
set In the service control transaction Is an address In the 
domain managed by the AAAH. If the HA address te an 
address in the domain of the AAAH, then control Is 
passed to step S609. if not, control Is passed to step 
S611. 

[0284] In step S609, an IHAR message to be trans- 
mitted to a home agent Is generated. The HAR mes- 
sage is used In, for example, the sequence shown In 
FIG. 25. The fomnat of the HAR message is shown In 
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FIG. 71. In step S610, the 'PROFILE-CACHE AVP' Is 
added to the HAR message generated In step S609. 
This process Is basically the same as the process In 
step S604. 

[0285] In step S61 1 , an AMA message to be trans- s 
mitted Id an AAAF Is generated. The AMA message Is 
used In, for example, the sequence shown in FIG. 26. 
The format of the AMA message Is shown In FIG. 72. 
Then, In step S612, the 'PROFILE-CACHE AVP Is 
added to the AMA message generated In step S61 1 . In io 
this case, only the service profile to be distributed from 
the service profile of the service control transaction to a 
foreign agent Is extracted, and the service profile Is 
stored In the 'PROFILE-CACHE AVP. 

15 

(3) When an HAA message Is receh^ 

[02B6] The sequence is perfonned when an HAA 
message Is received from a home agent. When the 
HAA message is received, control Is passed to step 20 
S613. The format of the HAA message is shown In FIG. 
73. 

[0267] In st^ S61 3, It Is checked whether or not the 
'AAAF ADDRESS' recorded in the service control trans- 
action has changed. The 'AAAF ADDRESS' recorded In 25 
the service control transaction Is the address of the 
AAAF managed by the foreign agent acoommodating a 
mobile node. Therefore, the AAAF address changes 
when the mobile node is nwved from the communica- 
tions area of an AAAF to the communications area of 30 
another AAAF. The Infonration Is given from a new 
AAAF according to an AMR message. 
[0288] If the AAAF address has been changed, an 
AMU message is generated in step S614. The fbrmat of 
the AVP set In the AMU message is shown In FIG. 74. ^ 
The AMU nnessage Is used In, for example, the 
sequence shown In FIG. 35. On the other hand, if the 
AAAF address has not been changed, then the proc- 
esses In steps S61 1 and S612 are performed. 

40 

(4) When an AMAc message is received 

[0289] When an AMAc message is received, the 
processes in steps S61 1 and S612 are performed. The 
AMAc message Is used in, for example, the sequence 48 
shown In FIG. 35. 

[0290] FIG. 46 is a table showing the correspond- 
ence between a received message and a transmission 
rrtessage. This table shows the type and the destination 
of a transmission message based on the type of a 5d 
received message, the Information set in the received 
message (information stored In an extension area, etc.), 
and the location of a mobile node, etc. 
[0291] FIG. 45 is a tat>ie showing an exannple of a 
division of the service profile Information. In this exann- bs 
pie, the necessary service profile information for supply 
of each type of value-added services is divided into 
Infomnation to be distributed to a home agent and lnfo^ 



mation to be distributed to a foreign ^ent 
9.2 Embodiments 

[0292] Described below is an example of applying a 
Diff-Serv to the case where a mobile node logs in to a 
home networic. FIG. 47 shows an example of a user pro- 
file of a user who Is provided with a Diff-Serv. The user 
profile is stored in the sen/ice control database 300. 

(1) Setting Diff-Serv infonnation in a location registra- 
tion procedure 

[0293] The sequence of distributing a service pro- 
file to a home agent for pmvldlng a Diff-Serv is 
described below by rafening to FIGS. 48 and 49. 

1 and 2 shown in RGS. 46 and 49: Upon receipt of 
an agent advertisement message from a home 
agent (HA), the mobile node (MN, SN) returns a 
registration request message to a home agent 
according to the nomial mobile IP procedure. Upon 
receipt of the reglstmtlon request message, the 
home agent generates a unique session ID, 
extracts necessary Infonnation (a home address, a 
source linic layer address, an UDP source port, a 
home agent address, a registration request Identi- 
fier field, and a lifetime) from the received registra- 
tion request message, and assigns the session ID 
to the extracted information, thereby generating a 
service control transaction. 
3 shown in FIGS. 48 and 49: The home agent trans- 
mits an AMR message to the AAAH. The AMR 
message stores a registration request and the 'HA- 
AAA REQUEST AVP' received from tiie mobile 
node. A value of selecting tiie normal procedure 
(sequence shown in FIG. 48) or the simplified pro- 
cedure (sequence shown in FIG. 49) is set In the 
'HA-AAA REQUEST AVP'. The infonnation for 
requesting the AAA server to authentbata the 
mobile node and distribute a service profile forsup- 
ply of a value-added service to the mobile node, or 
the infonnation for requesting the transfer of a loca- 
tion registration request Is set In tiie 'IHA-AAA 
REQUEST AVP'. 

Upon receipt of the AMR message, the AAAH 
performs the authenticating process on the mobile 
node (registration request usei) according to the 
common authentication procedure. When the 
authenticating process is normally completed, the 
subsequent steps are continued. When It is abnor- 
mally completed, an AMA message In which an 
appropriate reason code is set is returned to the 
home agent The AAAH searches the service con- 
trol datak)ase shown In FIG. 47, and extracts a cor- 
responding service profile. Then, a service control 
transaction shown In FIG. 18 Is generated using a 
unique session ID, the address of the home agent 



36 



71 



EP 1 089 580 A2 



72 



which has transmitted the AMR message, and the 
service profile extracted from the service control 
database. Additionally, the AAAH analyzes the 'HA- 
AAA REQUEST AVP' of the AMR message, and 
detemilnes the procedure (normal or simplified pro- 5 
cedure) for communicating with the home agent. 

(la) When the normal procedure Is selected 
[0294] 10 

4 Shown In FIG. 48: The AAAH transmits an HAR 
message to the home agent. The HAR message 
stores a location registration request message 
used In the normal mot)ile IP procedure, and a 15 
service profile to be used tyy the home agent to pro- 
vide a value-added service for the mobile node. 

5 shown In FIG. 48: Upon receipt of the HAR mes- 
sage, the home agent extracts necessary informa- 
tion (a session ID, the source address of the HAR 20 
message, a care-of address, a registration request 
identifier field, a rrfetlme, and a service profile} from 

the hlAR message, and sets the Infbnnation in the 
service control transaction. TTie home agent sets a 
desfination address (home address) In the service 25 
control fitter 225 of the router control unit 220 
shown In FIG. 3. The home agent returns an HAA 
message to the AAAH. 

6 shown in FIG. 48: Upon receipt of the HAA mes- 
sage, the AAAH transmits an AMA message to the 30 
home agent. The AMA message stores a service 
profile to be used lay a foreign agent to provide a 
value-added service for the mobile node. The serv- 
ice profile can be obtained by searching for a ses- 
sion transaction using a session ID. In addition, the 38 
destination address of the AMA message can also 

be obtained from the session transaction. 

7 shown in FIG. 48: Upon receipt of the AMA mes- 
sage from the AAAH, the home agent accesses a 
service control transaction using a session ID, and 40 
sets the home address, the home agent address, 
and the service profile obtained from ttie AMA mes- 
sage therein, in addition, the source address (home 
address) is set in the service control filter 225 
shown In FIG. 3. Ttien, the home agent transmits a 46 
registration reply message to the link isyer address 

of the mobile node set In the service control trans- 
action. 

(lb) When the simpiffied procedure Is selected so 

[0295] 

4 shown in FIG. 49: Upon receipt of an AMR mes- 
sage, the AAAH rstums an AMA message to the ss 
home agent The message stores a service profile 
to be used by the home agent to provide a value- 
added service for the mobile node^ and a service 



profile to be used by a foreign agent to provide a 
value-added service for the mobile node. 
5 shown In FIG. 49: Upon receipt of the AMA mes- 
sage, the home agent extracts necessary Infonna- 
tion (a session ID, the souix^e address of the AMA 
message, a care-of address, a registration request 
identifier field, a lifetime, and a service profile) from 
the AMA message, and sets the inform ation In the 
service control transaction. In addition, the home 
agent sets the destination address (home address) 
and the source address (home address) In the 
service control filter 225 shown In FIG. 3. 

FIGS. 50 through 52 show the procedure of 
distributing a sen/ice profile. In this example, It is 
assumed that a Diff-Serv is provided for a mobile 
nod& 

FIG. 50 shows the case In which a mobile node 
is located in the communications area of a foreign 
agent in this case, an AAA server distributes '01 FF- 
SERVE ARRIVAL' to a home agent using an HAR 
message, and distributes 'DIFF-SERVE TIWJS- 
MISSiON' to a foreign agent using an AMA mes- 
sage, -me 'DIFF-SERVE ARRIVAL' Is the 
Information for executing a priority control of a 
padcet addressed to the mobile node, end the 
'DIFF-SERVE TRANSMISSION' is the information 
for executing a priority control of a padcet transmit- 
ted from the mobile node. 

FIG. 51 shows the case in which a mobile node 
is located In the communications area of a home 
agent with the normal procedure selected. In this 
case, an AAA server distributes the 'DIFF-SERVE 
ARRIVAL' to a home agent using an HAR message, 
and then distributes the 'DIFF-SERVE TRANSMIS- 
SION' to the home agent using an AMA message. 

FIG. 52 Shows the case In which a mobile node 
is located in the communications area of a home 
agent with the simplified procedure selected. In this 
case, an AAA sever simultaneously distributes the 
'DIFF-SERVE ARRIVAL' and the 'DIFF-SERVE 
TRANSMISSION' to the home agent using the 
AMA message. 

(2) Distribution of data pacitet 

[0296] The procedure of distributing a data packet 
Is described below by refen^lng to FIG. 63. In this exam- 
ple, it is assumed that the location registration has been 
completed by the procedure shown In FIG. 48 or 49. 

1. The transmission of a packet Is started from the 
mobile node (MN, SN) to the correspondent node 
(CN). 

Z The address of the mobile node is set as a 
'SOURCE ADDRESS' In the service control filter of 
a home agent (HA) by the procedure shown in FIG. 
48 or 49. Therefbre, upon receipt of a packet trans- 
mitted from the mobile node, the home agent 
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searches a visitor list corresponding to the header 
Information of the received packet Then, It obtains 
the 'DIFF-SERVE TRANSMISSION' by accessing 
the service profile linked to the search result A 
TOS value' depending on the Information set in the 5 
■DIFF-SERVE TRANSMISSION' is assigned to a 
received padcet In this emlsodimentp for example, a 
TOS value Indicating 'ASSURED FORWARDING 
CLASS 1' Is set Then, the home agent transfers 
the packet to which the TOS value Is assigned to 10 
the destinatnn address (the correspondent node in 
this example) indicated by the header. Further^ 
more, the home agent generates a binding cache 
containing the editton Infomrtation about the packet 

3. Upon receipt of the packet from the mobile node, is 
the correspondent node transmits to the mobile 
node the packet storing the data requested by the 
mobile node. At this time, the con^pondent node 
has not been provided with service profile infomia- 
tion, and no binding cache has been generated, so 
Therefore, the correspondent node refers to a nor- 
mal routing table, and assigns the address of the 
mobile node to a packet to be transmitted. No Infor- 
mation for priority control Is assigned to the packet 

to be transmitted from the correspondent node to 2S 
the mobile node. 

4. The address of the mobile node is set es a 'DES- 
TiNATiON ADDRESS' In the service control filter of 
the home agent by the procedure shown In FIG. 43 

or 49. Therefore, upon receipt of the packet 30 
addressed to the mobile node* the home agent 
searches the servtee control transaction using the 
header intomnation of the packet, and extracts a 
sen/Ice profile, thereby extracting the 'DIFF-SERVE 
ARRIVAL'. Then, a TOS value' depending on the 38 
information set in the 'DIFF-SERVE ARRIVAL' Is 
assigned to the received packet In this embodi- 
ment, for example, a TOS value Indicating the 
'ASSURED FORWARDING CLASS V Is set. Tlien, 
the home agent transfers the packet assigned the 40 
TOS value to the mobile node. At this time, the 
service control infonnation can be mapped, ete. by 
the function of realizing the QoS In a link i^er. 

5. The home agent notifies the correspondent node 

of the care-of address of the mobile node using a 45 
binding update message to optimize the route for 
transfer of the packet from the comespondent node 
to the mobile node. In this embodiment, since the 
mobile node Is cun'ently accommodated In the 
home agent, the correspondent node Is notified of so 
the address of the home agent as a 'CARE-OF 
ADDRESS OF l\40BiLE NODE. Thus, the conB- 
spondent node can hereafter transmit a packet 
directly to an agent accommodating the mobile 
node. 55 

Furthennore, according to the present embodi- 
ment, the comespondent node is notified of the 
TOS VALUE* used to provide a Diff-Serv tor the 



correspondent node using a binding update mes- 
sage. The TOS VALUE' provided for the con-e- 
spondent node is only the TOS value to be 
assigned to the packet to be trEmsmltted to the 
mobile node from the con^spondent node. When 
the mobile node communbates with another corre- 
spondent node, only the service profile required by 
the comespondent node is distributed to the core- 
spondent node from the home agent 
G. Upon receipt of the binding upctete message, the 
correspondent node extracts the home address of 
the mobile node, the care-of address, and the TOS 
value from the message, and generates a binding 
cache containing them. IHerelnafter, the corre- 
spondent node searches the binding cache when it 
transmlte a packet, and checks whether or not an 
address which matches the destination address of 
the packet has been registered. If a matehing 
address has been registered, then the correspond- 
ent node capsules tiie packet using the cars-of 
address registered in the binding cache, assigns 
the registered TOS to the capsuled packet, and 
transmlte the packet Thus, a Diff-Serv can be pro- 
vided not only for the packet transmitted from the 
mobile node to the correspondent node, but also for 
the packet transmitted from the correspondent 
node to the mobile node. 

7. Upon receipt of the capsuled date packet, the 
home agent decapsules it 
fi. The home agent extracte the destination address 
from the header Infonnation of the decapsuled 
packet, retrieves the corresponding link layer 
address from the service control transaction based 
on the address, and then transfers the received 
packet to the link iayar address. 

[0297] According to the present invention, a mobile 
node can receive various value-added serviced 
although It Is moved to any place. 
[0298] In addition, although the number of mobile 
nodes Increases, the volume of the service control infor- 
mation to be set In each agent can be relatively small. 
[0299] Furthemiore, since the service profile Is dis- 
tributed to a communications appliance (foreign agent 
and home agent) in the tocation registration procedure 
or the authentteation procedure of the mobile node, a 
value-added servtee can be immediately provided to the 
mobile node even after it has been moved. 
[0300] Since any authentk:ation system can specify 
a home agent, a mobile communications service sys- 
tem can be flexibly operated. 

[0301] Furthermore, since the servtee control Infor- 
mation not required in the foreign agent can be 
removed, a memory area for storing the servtee control 
infomnaHon can be smaller 

[0302] In addition, a system of transfenlng a packet 
to a plurality of mobile nodes using one address Is 
designed. AddlUonally, the tead of a home agent can be 
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evenly or appropriately distributed. 3, 
[0303] Since a correspondent node of a nfiobllo 
node Is notified of the location of the mobile node, the 
paclcet transfer route from the correspondent node to 
the nubile node can be optimized. 5 
[0304] Furthermore, although a mobile node Is 
accommodated by a home agent, the mobile node can 
be authenticated, thereby preventing illegal access. The 
mobile node can be provided with a value-added serv- 
ice from the home agent w 
[0305] When a mobile node cannot be successfully 
authenticated^ a service profile Is not distributed to a for 
eign agent or a home agent, thereby avoiding the waste 
of resources and preventing a packet from being trans- 
mitted from the mobile node before setting service con- Y5 
trol information. 

[0306] Since a home agent has the function of a for- 
eign agent, the mobile IP protocol can be used not only 
for the location registration of a mobile node, but also for 
holding user-customized service control Information. so 
[0307] Furthemiore, since the communications pro- 
cedure between a home agent and an authentication 
server can be simplified, supplying a value-added serv- 
ice can be started within a short tima 

25 

Claims 

1. A mobile communication system for transmitting a 
message containing location registration request 
infbnnafion from a mobile node to a foreign agent, ao 
to an autiientication server, and to a home agent In 
this order, and retuming a message containing 
location reglstiiation reply Infomriation as an answer 
to the received message in an inverse order from 
the home agent back to the mobile node, register- 35 
Ing a location of tiie mobile node in the home agent 
and the foreign agent, and providing a comnunica- 
tlons service for the mobile node, comprising: 

a unit, provided In the authentication server, for 40 
adding service profile Infomriation correspond- 
ing to the mobile node to the messages con- 
taining the location registration request 
information and the location registration reply 
information, wherein 4b 
the foreign agent and the home agent control a 
transmission of a packet both transmitted and 
received by the mobile node according to the 
service profile Infonnation contained In the 
message received from the authentication so 
server. 

2. The system according to dalm 1, further compris- 
ing: 

a database for storing the service profile Infor- 
mation. 



The system according to claim 2, wherein: 
the authentication server comprises: 

an autiientication request sen/er; and 
an authentication process server accessi- 
ble to the database; 

the authentication request server, for 
receiving a message containing tiie loca- 
tion registration request Infbrmation from 
the foreign agent, and transmitting the 
reoeh/ed message to the authentication 
process server, the authentication process 
server perfbnnlng an authenticating proc- 
ess according to the received message, 
and; 

the authentication request server for 
receiving a message containing the loca- 
tion registiiation reply infonnation from the 
authenticatton process sender, transmitting 
tiie message containing the location regis- 
tration reply Infonnation to tiie foreign 
agent; 

the autiientication process server for 
reoehring the message containing the loca- 
tion registration request information from 
the authentication request server, adding 
the service profile Information to the mes- 
sage containing tiie location registration 
request Infonnation, and transmitting a 
message containing tiie service profile and 
location reglsti^on request infonnation to 
the home agent; and 

the autiientication process server for 
receiving a massage containing the loca- 
tion reglstiBtion reply infonnation from tiie 
home agent adding the service pnoflie 
Infonnation to the message containing tiie 
location registration reply information from 
the home agent, and transmitting the mes- 
sage containing the service profile and 
iocatton registration reply Information to 
the autiientication request senrar. 

4. The system of ddm 3, wherein 

the authentication process server comprises a 
plurality of authentication process servers; and 
the authentication request sen/er determines 
an authentication process server from among 
the plurality of authentication process servers 
for performing the authentteating process. 

5. The system according to claim 1 , wherein: 

55 

the authentication server comprises: 
an autiientication request server, and 
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an authentication process server; 

the authentication request server, for receiving 
the message containing the iocatlon registra- 
tion request Infomnation from the foreign agent, 5 
and transmitting the received message to the 
authenticafion process server, the authentica- 
tion process server performing an authenticat- 
ing process according to the received 
message, io 
the authentication process server adding the 
service profile Infomiatlon to the message con- 
taining the location registration reply informa- 
tion, and transmitting the message containing 
the service profile and location registration 15 
reply Infonnation to the authentication request 
server; 

the authentication request server receiving the 
message containing the service profile and 
location registration reply Information from the 20 
autiientication process server, adding the serv- 
ice profile Information to the message contain- 
ing the location registration request 
information, and transmitting a message con- 
taining the service profile and location registra- 25 
tion request information to tiie home agent; 
the authentication request server receiving a 
message containing the location registration 
reply information from the home agent, adding 
the service profile Information to the message 30 
containing the location registration reply infor- 
mation received from the home agent, and 
transmitting the message containing the serv- 
ice profile and location registration reply Infor- 
mation received from the home agent to the 3? 
foreign agent 

6. The system of daim 5, wherein 

the authentication process server comprises a 40 
piurafity of authentication process servers; and 
the authentication request server determines 
an authentication process server from among 
ttie plurality of authentication process servers 
for performing the authenticating process. 45 

7. The system according to claim 5, wherein 

when the mobile node Is moved from a commu- 
nications area of a first foreign agent subordi- so 
nate to an authentication request server to a 
communications area of a second foreign 
agent subordinate to the authentication request 
server, the second foreign agent requests the 
first foreign agent to delete the service profile es 
information associated with the mobile node. 

8. The system according to claim 4, wherein 



when the mobile node Is moved from a commu- 
nications area of a first foreign agent subordi- 
nate to a first authentication request server to a 
communications area of a second foreign 
agent subordinate to a second authentication 
request server, the authentication process 
server requests the first authentication request 
server to delete the service profile Information 
set in the first foreign agent and the first 
authentication request server in response to a 
message containing location registration 
request information from the second foreign 
agent 

9. The system according to claim 1 , wherein 

the foreign agent controls transfer of a packet 
received from the mobile node t>y priority 
according to the service profile Information. 

10. The system according to daim 1 , wherein 

the foreign agent performs a paci<et filtering 
process on a packet received from the mobile 
node according to the service profile informa- 
tion. 

11. The system according to daim 1 , wherein 

when a destination address of a received 
padcet Is a target of an anycast service, the 
home agent selects an IP address correspond- 
ing to tiie destination address from an anycast 
address list, and transfers the packet to the 
selectBd IP address. 

12. The system aoconding to daim 1 , wherein 

when a destination address of a received 
packet is a target of an anycast servtee, the 
home agent selects a link layer address 
according to a selection policy set as service 
profile information, and transfers the packet to 
the selected link layer address. 

1 3. The system according to daim 5, wherein 

tiie home agent comprises a plurality of home 
agents; and 

tiie authentication process server assigns a 
location registration request to a home agent 
from among the plurality home agents, respon- 
sive to a predetemnined distribution process. 

14. The system according to daim 5, wherein 

tiie home agent comprises a plurality of home 
agents; and 
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the authentication process server assigns a 
location regtetration request to a home 
agent from among the plurality home agents, 
responsive to an ability of each home agent 

5 

15. In a mobile communication service, a method for 
transmitting a message containing location regis- 
tration request Information from a mot)ile node to a 
foreign agent, and then to an authentication server, 
and tiien to a home agent In this order, and return- io 
ing a message containing location registration reply 
information as an answer to the received message 

in an inverse order from the home agent back to the 
mobile node, registering a location of the mobile 
node in the home agent and the foreign agent, and f5 
providing a communication service for the mobile 
node, comprising the steps of: 

adding through the use of the authentication 
server con^spondlng service profile Informa- 20 
tion to the messages containing the location 
registration request infomnation and the loca- 
tion registiiation reply information; 
transmitting the message containing the serv- 
ice profile Information to the foreign agent and 25 
the home agent; and 

controlling, in the foreign agent and the home 
agent the transmission and reception of a 
packet by the mobile node according to the 
service profile infonnation contained In the so 
message. 

16. in a mobile communication service, a method of 
providing a communication service for a mobile 
node, comprising: 35 

receiving by the authentication server a mes- 
sage containing location registration request 
Information from a mobile node; 
transmitting a message containing service pro- 40 
file information to an agent according to the 
message containing the location registration 
request inlbmiation; and 
controlling, in the agent, the transmission and 
reception of a pacioet by the mobile node 4b 
according to the service profile infbnnation 
contained in the message. 



17. A mobile communications servbe system, compris- 
ing: 

a foreign agent for transferring to a correspond- 
ent node a packet received from a mobile node 
and addressed to the con^esponderrt node, and 
decapsullng a received capsuled packet and 
transferring the decapsuled packet to the 
mobile node; and 

a home agent for transmitting a packet received 



so 



from the correspondent node to the foreign 
agent after capsuling the packet, and notifying 
the correspondent node of a care-of address 
for the mobile node and service profile Informa- 
tton about tiie mobile node by Incorporating 
them into a binding update message, wherein 
a packet transfer route from the comespondent 
node to the mobile node is optimized according 
to the binding update message received by ttie 
correspondent node from tiie home agent 

18. In a foreign agent apparatus of a mobile communi- 
cation system, a method of receiving a message 
containing location registration request Information 
from a mobile node, and registering a location of 
the mobile node, comprising the steps of: 

receiving a message containing location regis- 
tration request information from a mobile node 
in the mobile communication system and In 
response transmitting a message containing 
the location registrHtion request Infbnnation to 
an authentication server; and 
receiving a message containing registration 
reply Infbnnation together with service profile 
infomiation, in response to tiie transmitted 
message containing the registration request 
infonnation, and In response thereto setting 
sen/ice control infornr^tion according to the 
reglsfa^on reply information and the servtoe 
profile Information, and 

transfer controlling a packet transmitted and 
received by the mobile node tiirough this for- 
eign agent according to the service profile 
information. 

19. In an authentication apparatus of a nmblie commu- 
nication system, a metiiod of receiving a message 
containing location reglsti^on request Information 
from a mobile node, and transmitting a conwpond- 
Ing nnessage, comprising the steps of: 

receiving a message containing location regis- 
tration request Informatnn from a mobile node, 
and, in response to the message, transmitting 
to an agent a message containing service pro- 
file information required for a value-added 
service to be provkJed for the nnoblle node. 

20. A mobile communications service system providing 
a communlcatton service for a mobile node, com- 
prising: 

a datBt}ase for managing servbe profile con- 
taining Infonnatton for use in providing a serv- 
ice requested by a mobile node; 
a plurality of agents each of whteh can manage 
one or more addresses, and can accommodate 



41 



61 



EP1(»9 580 A2 



B2 



a mobile node; and 

an authentication server fbr authenticating a 
mobile node, wherein 

a home agent which \e an agent for managing 
an address of the mobile node comprises a 
request unit for issuing an authentication 
request to the authentication server upon 
receipt of a location registration request from 
the mobile node; 

the authentication server comprises: 
an extraction unit for extracting a service profile 
conresponding to the mobile node from the 
database upon receipt of the authentication 
request; and 

a reply unit for transmitting to the home agent 
the service profile extracted by the extraction 
unit together with an authentication reply corre- 
sponding to the authentication request, 

wherein 

the home agent provides a service according 
to tiie service profile received from the authen- 
tication sen^r. 

21. A mobile communication service system providing 
a communication service for a mobile node, com- 
prising: 

a database managing a service profile contain- 
ing infonnation for use in providing a service 
requested by a mobile node; 
a plurality of agents each of which can manage 
one or more addresses, and can accommodate 
a mobile node; and 

an authentication server autiienticating a 
mobile node, wherein 

a home agent serves as an agent for managing 
an address of the mobile node comprises: 
a request unit Issuing an authentication request 
containing location Information about the 
mobile node to the authentication server upon 
receipt of a location registration request from 
the mobile node; and 

a reg^ration unit registering a location of the 
mobile node according to a location registration 
request transmitted from the authentication 
server, 

the authentication server comprises: 
an extraction unit extracting a service profile 
corresponding to the mobile node from the 
database upon receipt of the authentication 
request; and 

a reply unit transmitting to the home agent a 
location registration request containing location 
information received from the home agent, the 
autiientication reply corresponding to the 
authentication request, and the service profile 
extracted Isy the extraction unit, wherein 
the home agent provides a service according 



to the service profile received from the authen- 
tication server. 

22. The system according to claim 20, wherein 

5 

the request unit notifies the authentication 
server of infonnation specifying one of a first 
procedure and a second procedure; 
the request unit comprising a circuit for trans- 

10 mltting the authentication reply and the service 

profile to the honne agent upon receipt of Infor- 
mation spedfylng the first procedure from tiie 
request unit, and transmitting to the home 
agent a location registration request for use in 

IS registering a location of the mobile node, the 

authentication reply, and the service profile 
upon receipt of information specifying the sec- 
ond procedure from the request unit; and 
the home agent comprising a circuit for regls- 

20 taring the location of the mobile node based on 

the registration request transmitted from the 
mobile node, when tiie first procedure Is speci- 
fied and registering the location of the mobile 
node based on the location registration request 

25 from the authentication server when the sec- 

ond procedure is specified. 

23. The system according to claim 20, wherein 

30 the home agent has a function of a foreign 

agent 

2Ab in a mobile communication service, the nrtethod of 
providing a communication service for a mobile 

33 node in a system having a database for use In man- 
aging a service profile, tiie service profile contain- 
ing Information used to provide a service requested 
by the mobile node, a plurality of agents each of 
which can accommodate a mobile node, and an 

40 authentication server authenticating a mobile node, 
comprising the steps of: 

receiving In an agent a registration request 
from a mobile node and ta^nsmitting an authen- 

45 tication request to tiie authentication server; 

extracting In the autiientication server a service 
profile con-espondlng to the mobile node from 
tiie ctetabase, and transmitting to the agent the 
service profile together with an authentication 

so reply con^spondlng to the autiientication 

request; and 

providing a servica to the mobile node, through 
tiie agent, according to tiie service profile 
received from the authentication server. 

53 

2& In a mobile communication service, a method of 
providing a communication service for a mobile 
node In a system having a database for use In man- 
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aging a servtee profile, the service profile contain- 
ing Information used to provide a service requested 
tyy the mobile node, a plurality of agents each of 
which can accommodate a mobile node, and an 
authentication server authenticating a mobile node, 5 
comprising the steps of: 



26. In a mobile communication service, a method of 
providing a communication service for a mobile 25 
node In a system having a database for use In man- 
aging a service profile, the service profile contain- 
ing Information used to provide a service requested 
by the mobile node, a plurality of agents each of 
which can accommodate a mobile node, and an 90 
authentication server authenticating a mobile node, 
comprising the steps of: 

receiving in an agent a registration request 
from a mobile node, and transmitting an 3S 
authentication request containing location 
Information about the mobile node to the 
authentication server; 

transmitting by the authentication server to the 
agent a location registration request containing 40 
the location information received from the 
agent; 

registering by the agent a location of the mobile 
node based on the locatlDn registrBtion request 
received from the authentication server, and 4b 
transmitting to the authentication server a reg- 
tetration reply corresponding to the location 
registration request; 

transmitting by the authentication server an 
authentication reply corresponding to the so 
authentication request to the i^ent; 
extracting by the authenftcation server a serv- 
ice profile con-espondlng to the mobile node 
from the database, storing the service profile In 
at least one of the location registration request ss 
and the authentication reply, and then transmit- 
ting the service profile to the agent; and 
providing through the agent a service accord- 



ing to the service profile received from the 
authentication server. 

27. In a mobile communication service, a method of 
providing a communications service for a mobile 
node in a system having a database for use In man- 
aging a service profile, the service profile contain- 
ing Information used to provide a service requested 
by the mobile node, a plurality of agents each of 
which can accommodate a mobile node, and an 
authentication server authenticating a mobile node, 
comprising the steps of: 

transmitting from an agent accommodating a 
mobile node an authentication request mes- 
sage requesting the authentication server to 
authenticate the mobile node; 
extracting a service profile corresponding to 
the mobile node from the database; 
storing the extracted service profile in an 
authentication reply message conespondlng to 
the authentication request message; 
transmitting the authentication reply message 
from the authentication server to the agent 
accommodating the mobile node; and 
providing, by the agent accommodating tiie 
mobile node, a service for the mobile node 
according to the service profile stored In the 
authentication reply message. 

28. In a mobile communication service, a method of 
providing a oonrYnunication servbe for a mobile 
node in a system having a database for use in man- 
aging a service pnoflle, the service profile contain- 
ing Infornrtation used to provide a service requested 
by the mobile node, a plurality of agents each of 
which can accommodate a mobile node, and an 
autiientlcation server authenticating a mobile node, 
comprising the steps of: 

transmitting from an agent accommodating a 
mobile node an authentication request mes- 
sage containing location infonnation about the 
mobile node to the authentication server; 
extracting a service profiie corresponding to 
the mobile node from tiie database; 
storing the extracted service profile In a loca- 
tion registration request message for use in 
registering the location of the mobile node; 
transmitting the location registration request 
message to an agent which has to recognize a 
location of the mobile node from the authenti- 
cation server; 

receiving in the agent the location registration 
request message, and 

providing through the agent a service for the 
mobile node according to the service profile. 



receiving in an agent a registration request 
from a mobile node, registering a location of 
the nnobile node based on the registration 10 
request, and transmitting an authentication 
request to the authentication server; 
extracting by the authentication server a serv- 
ice profile con'espondlng to the mobile node 
from the database, and transmitting to the 15 
agent the service profile together with an 
authentication reply corresponding to the 
authentication request; and 
the agent providing a service to the mobile 
node, tiirough the agent, according to the serv- 20 
ice profile received from tiie autiienticatlon 
server. 
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29. A home agent apparatus serving as one of a plural- 
ity of such agents and used in a mobile communica- 
tion service system providing a communication 
service for a mobile node In a system having a 
database for use in managing a service profile, the 5 
service profile containing Information used to pro- 
vide a service requested by the mobile node^ the 
plurality of agents each of which can accommodate 
the mobile node, and an authentication server 
authenticating the mobile node, the homo agent 10 
apparatus comprising: 

B first generation unit for generating a visitor list 
and adding a mobile node to the visitor list 
upon receipt of a location registration request is 
from the mobile node; 

a request unit for transmitting an authentication 
request to the authentication server to authen- 
ticate the mobile node; 

a second generation unit generating a mobility 20 
binding table for the mobile node upon receipt, 
from the authentication server, of a service pro- 
file corresponding to the mobile node extracted 
from the database and an authentication reply 
con^ponding to the authentication request; 25 
and 

a service control unit providing a service forthe 
mobile node using the service profile, the visi- 
tor list, and the mobility binding table. 

30 

30. A mobile communication system having a home 
service provider, a foreign service provider, and a 
mobile node with a con^spondlng mobile service 
profile, wherein the mobile node being a subscriber 

to the home service provider, may move to the for- 3S 
eign service provider and request service, the 
mobile conrnunication system comprising: 

a foreign agent of the foreign service provider 
for receiving a location registration request 40 
message from the mobile node and generating 
an ButhenflcatlDn request message; 
an authentication server for receiving the 
authenticafion request message, identifying 
the mobile node, and retrieving a mobile serv- 45 
ice profile conesponding to the mobile node 
and generating a registration request mes- 
sage; 

a home agent of the home service provider for 
receiving the registration request message, so 
registering the location of the mobile node and 
generating a registration reply message, the 
home agent further receiving and storing the 
service profile from the authentication server; 
the authentication server further receiving the ss 
registration reply message and generating an 
authentication reply message having the serv- 
ice profile stored therein; and 



the foreign agent further receiving the authenti- 
cation reply message, storing the service pro- 
file and transmitting a message to the mobile 
node indicating completion of registration, 
wherein 

the foreign agent and the home agent control a 
transmission of a padcet both transmitted and 
received by the mobile node according to the 
service profile information received from the 
authentication server. 

31. The mobile communication system of claim 30, 
wherein 

the authenticafion server assigns the home 
agent from among a plurality of home agents 
for receiving the authentication request mes- 
sage. 

32. The mobile communication system of claim 31, 
wherein 

the authentication server assigns the home 
agent by searching a home agent assignment 
table, selects a home agent having the smallest 
assignnrwnt number, and increments a corre- 
sponding registrBtion number in the home 
agent assignment table. 

33. The mobile communicatlDn system of claim 31, 
wherein 

the authentication server assigns the home 
agent by extracting infomiatlon from the serv- 
ice profile associated with the mobile node and 
assigning by priority a honr^e agent having a 
capability to provide associated services forthe 
mobile node. 

34. in a mobile communication service system provid- 
ing a communication service for a mobile node, 
having plurality of agents each of which can accom- 
modate the mobile node, wherein the mobile node 
transmits a connection request to one of the plural- 
ity of agents requesting a connection to the mobile 
communication service system, a visitor manage- 
ment system comprising: 

a visitor list table for managing a mobile node, 
when the mobile node Is connected to an 
agent; 

a mobility binding table for managing a service 
profile comespondlng to the mobile node con- 
nected to the agent; and 
an authentication manager that receives the 
connection requests from the mobile node, pro- 
vides authentication Information to an accom- 
modating agent, tracts from a database tiie 
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service profile corresponding to the mobile 
node, and downloeds the service profile to the 
mobility binding table, the service profile con- 
lalnlng Information used by the agent to pro- 
vide a service requested by the mobile node. 5 

35. An agent apparatus of a mobile communication 
system, the agent capable of receiving a message 
containing location registration request Infomnation 
which requests the registration of a mobile node, 10 
registering a iocaliDn of the mobile node, and pro- 
viding communication services for the mobile node^ 
and comprising: 



36. The agent apparatus of claim 35, wherein 

the message containing registration reply Infor- 
mation is received In response to the transmit- 3S 
ted message containing the registration 
request Information and further contains serv- 
ice profile information of the mobile node, and 
the service control information is set according 
to the service profile information. 40 

37. The agent apparatus of claim 35, wherein 

the control unit upon receiving a registration 
request message from an authentication server 45 
In the mobile communication system retrieves 
from the registration request message Informa- 
tion required to register a new location of the 
mobile node, and updates the service control 
unit and the router control unit In order to trans- so 
fer a packet addressed to the mobile node to 
the new location of the mobile node according 
ID the service control Infomnation. 



responding message, the apparatus comprising: 

a service control unit for receiving a registration 
request message containing location registra- 
tion request infonnation from a mobile node, 
and, In response to the message, transmitting 
to an agent a reply message containing service 
profile information of the mobile node in order 
that the agent may provide a value-added serv- 
ice for the mobile node, and 
a service control transaction unit for managing 
location infomnation of the mobile node. 

39. The authentication apparatus of claim 38 further 
comprising: 

a service control database unit coupled to the 
service control unit and providing service pro- 
file Inforn^tion for the mobile node to the serv- 
ice control unit when the registration request 
message is received. 

40. The authentication apparatus of claim 39 wherein 
the location registration request Inforn^ation con- 
tains a networic access identifier (NAi) that identi- 
fies the mobile node, and the service control unit 
extracts the service profile Information stored In the 
service control database unit comsspondlng to the 
NAi. 

41. The authentication apparatus of claim 38 wherein 
the service control unit assigns a home agent for 
the mobile node and the service control unit further 
comprises: 

a home agent assignment unit for managing 
assignment Infonmation of the assigned home 
agent 

42. The authentication apparatus of claim 36 wherein 
the registration request message Is a mobile IP 
message. 

43. The authentication apparatus of claim 42 wherein a 
DIAMETER message Is formed by setting a DIAM- 
ETER header immediately after an IP header and a 
UDP header of the mobile IP message, and setting 
a group of AVPs (attribute value pairs) of DIAME- 
TER after the DIAMETER header. 

44. The authentication apparatus of claim 38 wherein 
the registration request message conresponds to 
the Diameter protocol. 



a control unit that upon receiving a message is 
corrtalning location registrBtion request infor- 
mation from a mobile node in the mobile com- 
munication system generates a registration 
request message containing the location regis- 
tration request Information and sends the regis- 20 
tratlon request message to an authentication 
server; 

a service control unit that upon receiving a 
message containing registration reply Informa- 
tion sets service control information according 2S 
to the registration reply infonnation; and 
a router control unit for controlling a paclcet 
transmitted and r^elved by the mobile node 
through the agent according to the service con- 
trol Information. 30 



38. An autiientication apparatus of a mobile communl- sb 45. The authentication apparatus of claim 44 wherein 

cation system, tiie apparatus capable of receiving a the attribute value pair extensions contain com- 

registration request message containing location mand and data Infonnation. 
registration request Information, and transmitting a 
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46. A home agent apparatus serving as one of a plural- 
ity of such agents and used In a mobile communica- 
tion service system providing a communication 
service for a mobile node in a system having a 
database for use In managing a service profile con- 5 
talning infomiatlon used to provide a service 
requested by the mobile node, each of the plurality 
of agents capable of accommodating the mobile 
node, and art authentication server authenticating 
the mobile node, the home agent apparatus com- 10 
prising: 

a first generation unit for generating a visitor list 
and adding a mobile node to the visitor list 
upon receipt of a location registration request is 
from the mobile node; 

a request unit for transmitting an authentication 
request to the authentication server to authen- 
ticate the mobile node; 

a second generation unit generating a mobility so 
binding table for the nrablle node upon receipt 
from the authentication server of a service pro- 
file corresponding to the mobile node extracted 
from the database and an authentication reply 
conresponding to the authentbation request; 2S 
and 

a service control unit providing a service forthe 
mobile node using the service profile, the visi- 
tor list, and the mobility binding table. 
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